openSUSE-SU-2021:0195-1

Опубликовано: 30 янв. 2021

Источник: suse-cvrf

Описание

Security update for nodejs8

This update for nodejs8 fixes the following issue:

CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

nodejs8-8.17.0-lp152.3.8.1

nodejs8-devel-8.17.0-lp152.3.8.1

nodejs8-docs-8.17.0-lp152.3.8.1

npm8-8.17.0-lp152.3.8.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FBRCEZ5AUMB5RCV3OQ3WB7MSZEL755XF/
E-Mail link for openSUSE-SU-2021:0195-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180554
SUSE Bug 1180554
https://www.suse.com/security/cve/CVE-2020-8287/
SUSE CVE CVE-2020-8287 page

Описание

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

Затронутые продукты

openSUSE Leap 15.2:nodejs8-8.17.0-lp152.3.8.1

openSUSE Leap 15.2:nodejs8-devel-8.17.0-lp152.3.8.1

openSUSE Leap 15.2:nodejs8-docs-8.17.0-lp152.3.8.1

openSUSE Leap 15.2:npm8-8.17.0-lp152.3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8287.html
CVE-2020-8287
https://bugzilla.suse.com/1180554
SUSE Bug 1180554

openSUSE-SU-2021:0195-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-8287

Описание

Затронутые продукты

Ссылки