Описание
Security update for nodejs8
This update for nodejs8 fixes the following issue:
- CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554).
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 15 SP2
nodejs8-8.17.0-10.6.1
nodejs8-devel-8.17.0-10.6.1
nodejs8-docs-8.17.0-10.6.1
npm8-8.17.0-10.6.1
Ссылки
- Link for SUSE-SU-2021:0121-1
- E-Mail link for SUSE-SU-2021:0121-1
- SUSE Security Ratings
- SUSE Bug 1180554
- SUSE CVE CVE-2020-8287 page
Описание
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 15 SP2:nodejs8-8.17.0-10.6.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP2:nodejs8-devel-8.17.0-10.6.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP2:nodejs8-docs-8.17.0-10.6.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP2:npm8-8.17.0-10.6.1
Ссылки
- CVE-2020-8287
- SUSE Bug 1180554