Описание
Security update for nodejs18
This update for nodejs18 fixes the following issues:
- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)
Other fixes:
- Update to 18.20.5
- esm: mark import attributes and JSON module as stable
- deps:
- upgrade npm to 10.8.2
- update simdutf to 5.6.0
- update brotli to 1.1.0
- update ada to 2.8.0
- update acorn to 8.13.0
- update acorn-walk to 8.3.4
- update c-ares to 1.29.0
Список пакетов
Container bci/node:18
nodejs18-18.20.5-150400.9.30.1
npm18-18.20.5-150400.9.30.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP5
nodejs18-18.20.5-150400.9.30.1
nodejs18-devel-18.20.5-150400.9.30.1
nodejs18-docs-18.20.5-150400.9.30.1
npm18-18.20.5-150400.9.30.1
openSUSE Leap 15.5
corepack18-18.20.5-150400.9.30.1
nodejs18-18.20.5-150400.9.30.1
nodejs18-devel-18.20.5-150400.9.30.1
nodejs18-docs-18.20.5-150400.9.30.1
npm18-18.20.5-150400.9.30.1
Ссылки
- Link for SUSE-SU-2024:4301-1
- E-Mail link for SUSE-SU-2024:4301-1
- SUSE Security Ratings
- SUSE Bug 1233856
- SUSE CVE CVE-2024-21538 page
Описание
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Затронутые продукты
Container bci/node:18:nodejs18-18.20.5-150400.9.30.1
Container bci/node:18:npm18-18.20.5-150400.9.30.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.5-150400.9.30.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.5-150400.9.30.1
Ссылки
- CVE-2024-21538
- SUSE Bug 1233843