Description
Security update for nodejs8
This update for nodejs8 fixes the following issues:
- update to npm 6.14.13
- CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976)
- CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977)
- CVE-2020-7774: Fixed y18n Prototype Pollution. (bsc#1184450)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Package list
openSUSE Leap 15.2
References
- E-Mail link for openSUSE-SU-2021:1113-1
- SUSE Security Ratings
- SUSE Bug 1184450
- SUSE Bug 1187976
- SUSE Bug 1187977
- SUSE CVE CVE-2020-7774 page
- SUSE CVE CVE-2021-23362 page
- SUSE CVE CVE-2021-27290 page
Description
The package y18n before 3.2.2, 4.0.1 and 5.0.5 is vulnerable to Prototype Pollution.
Affected products
References
- CVE-2020-7774
- SUSE Bug 1184450
Description
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Affected products
References
- CVE-2021-23362
- SUSE Bug 1187977
Description
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Affected products
References
- CVE-2021-27290
- SUSE Bug 1187976