SUSE-SU-2022:1694-1

Published: May 17, 2022
Source: suse-cvrf

Description

Security update for nodejs8

This update for nodejs8 fixes the following issues:

  • CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247).
  • CVE-2021-44907: Fixed insufficient sanitation in npm dependency (bsc#1197283).
  • CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819).

Package list

openSUSE Leap 15.3
nodejs8-8.17.0-150200.10.22.1
nodejs8-devel-8.17.0-150200.10.22.1
nodejs8-docs-8.17.0-150200.10.22.1
npm8-8.17.0-150200.10.22.1
openSUSE Leap 15.4
nodejs8-8.17.0-150200.10.22.1
nodejs8-devel-8.17.0-150200.10.22.1
nodejs8-docs-8.17.0-150200.10.22.1
npm8-8.17.0-150200.10.22.1

Description

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).


Affected products
openSUSE Leap 15.3:nodejs8-8.17.0-150200.10.22.1
openSUSE Leap 15.3:nodejs8-devel-8.17.0-150200.10.22.1
openSUSE Leap 15.3:nodejs8-docs-8.17.0-150200.10.22.1
openSUSE Leap 15.3:npm8-8.17.0-150200.10.22.1


Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.


Affected products
openSUSE Leap 15.3:nodejs8-8.17.0-150200.10.22.1
openSUSE Leap 15.3:nodejs8-devel-8.17.0-150200.10.22.1
openSUSE Leap 15.3:nodejs8-docs-8.17.0-150200.10.22.1
openSUSE Leap 15.3:npm8-8.17.0-150200.10.22.1


Description

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor


Affected products
openSUSE Leap 15.3:nodejs8-8.17.0-150200.10.22.1
openSUSE Leap 15.3:nodejs8-devel-8.17.0-150200.10.22.1
openSUSE Leap 15.3:nodejs8-docs-8.17.0-150200.10.22.1
openSUSE Leap 15.3:npm8-8.17.0-150200.10.22.1
