Description
Security update for nodejs16
This update for nodejs16 fixes the following issues:
- CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (bsc#1222530)
- CVE-2024-30261: undici: Ensure that integrity cannot be tampered with (bsc#1222603)
Package list
SUSE Linux Enterprise Module for Web and Scripting 12
nodejs16-16.20.2-8.45.1
nodejs16-devel-16.20.2-8.45.1
nodejs16-docs-16.20.2-8.45.1
npm16-16.20.2-8.45.1
References
- Link for SUSE-SU-2024:1836-1
- E-Mail link for SUSE-SU-2024:1836-1
- SUSE Security Ratings
- SUSE Bug 1222530
- SUSE Bug 1222603
- SUSE CVE CVE-2024-30260 page
- SUSE CVE CVE-2024-30261 page
Description
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in versions 5.28.4 and 6.11.1.
Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1
References
- CVE-2024-30260
- SUSE Bug 1222530
Description
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered with. This vulnerability was patched in versions 5.28.4 and 6.11.1.
Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1
References
- CVE-2024-30261
- SUSE Bug 1222603