openSUSE-SU-2021:0601-1

Опубликовано: 23 апр. 2021

Источник: suse-cvrf

Описание

Security update for nodejs-underscore

This update for nodejs-underscore fixes the following issues:

Update version to 1.13.1

Fix security issue (boo#1184800, CVE-2021-23358)
Fix bugs
Many new features

Список пакетов

openSUSE Leap 15.2

nodejs-underscore-1.13.1-lp152.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OYT735UU6WLJPI53DIIUEZ4OG2ZZSATO/
E-Mail link for openSUSE-SU-2021:0601-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1184800
SUSE Bug 1184800
https://www.suse.com/security/cve/CVE-2021-23358/
SUSE CVE CVE-2021-23358 page

Описание

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Затронутые продукты

openSUSE Leap 15.2:nodejs-underscore-1.13.1-lp152.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-23358.html
CVE-2021-23358
https://bugzilla.suse.com/1184800
SUSE Bug 1184800

openSUSE-SU-2021:0601-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-23358

Описание

Затронутые продукты

Ссылки