[openSUSE-SU-2021:1574-1] Security update for nodejs12
Severity: Important
Affected Packages: 7
CVEs: 7
This update for nodejs12 fixes the following issues:
- CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601).
- CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602).
- CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057).
- CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056).
- CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055).
- CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054).
- CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Package | Affected Version |
---|---|
pkg:rpm/opensuse/npm12?arch=x86_64&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
pkg:rpm/opensuse/npm12?arch=i586&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
pkg:rpm/opensuse/nodejs12?arch=x86_64&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
pkg:rpm/opensuse/nodejs12?arch=i586&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
pkg:rpm/opensuse/nodejs12-docs?arch=noarch&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
pkg:rpm/opensuse/nodejs12-devel?arch=x86_64&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
pkg:rpm/opensuse/nodejs12-devel?arch=i586&distro=opensuse-leap-15.2 | < 12.22.7-lp152.3.21.1 |
- ID: openSUSE-SU-2021:1574-1
- Severity: important
- URL: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZ6MU5ASKOGKZBGVKFFXVB64PMZRVEPX/
- Published: 2021-12-12T01:19:11
- Modified: 2021-12-12T01:19:11
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALPINE:CVE-2021-22959
- ALPINE:CVE-2021-22960
- ALPINE:CVE-2021-37701
- ALPINE:CVE-2021-37712
- ALPINE:CVE-2021-37713
- ALPINE:CVE-2021-39134
- ALPINE:CVE-2021-39135
- ALSA-2021:5171
- ALSA-2022:0350
- ASA-202110-4
- DSA-5008-1
- DSA-5170-1
- ELSA-2021-5171
- ELSA-2022-0350
- FEDORA-2021-9807b754d9
- FEDORA-2021-9818cabe0d
- FEDORA-2021-cbad295a90
- FREEBSD:7062BCE0-1B17-11EC-9D9D-0022489AD614
- FREEBSD:A9C5E89D-2D15-11EC-8363-0022489AD614
- GLSA-202405-29
- NPM:GHSA-2H3H-Q99F-3FHC
- NPM:GHSA-5955-9WPR-37JH
- NPM:GHSA-9R2W-394V-53QC
- NPM:GHSA-GMW6-94GG-2RC2
- NPM:GHSA-QQ89-HQ3F-393P
- openSUSE-SU-2021:1552-1
- openSUSE-SU-2021:3940-1
- openSUSE-SU-2021:3964-1
- RHEA-2022:5139
- RHSA-2021:5171
- RHSA-2022:0350
- RLEA-2022:5139
- RLSA-2021:5171
- RLSA-2022:0350
- SUSE-SU-2021:3886-1
- SUSE-SU-2021:3940-1
- SUSE-SU-2021:3964-1
- SUSE-SU-2022:0101-1
- SUSE-SU-2022:2855-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/npm12?arch=x86_64&distro=opensuse-leap-15.2 | opensuse | npm12 | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | x86_64 | |
Affected | pkg:rpm/opensuse/npm12?arch=i586&distro=opensuse-leap-15.2 | opensuse | npm12 | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | i586 | |
Affected | pkg:rpm/opensuse/nodejs12?arch=x86_64&distro=opensuse-leap-15.2 | opensuse | nodejs12 | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | x86_64 | |
Affected | pkg:rpm/opensuse/nodejs12?arch=i586&distro=opensuse-leap-15.2 | opensuse | nodejs12 | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | i586 | |
Affected | pkg:rpm/opensuse/nodejs12-docs?arch=noarch&distro=opensuse-leap-15.2 | opensuse | nodejs12-docs | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | noarch | |
Affected | pkg:rpm/opensuse/nodejs12-devel?arch=x86_64&distro=opensuse-leap-15.2 | opensuse | nodejs12-devel | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | x86_64 | |
Affected | pkg:rpm/opensuse/nodejs12-devel?arch=i586&distro=opensuse-leap-15.2 | opensuse | nodejs12-devel | < 12.22.7-lp152.3.21.1 | opensuse-leap-15.2 | i586 | |