

openSUSE-SU-2021:2618-1

Published: 05 Aug 2021
Source: suse-cvrf

Description

Security update for nodejs8

This update for nodejs8 fixes the following issues:

  • update to npm 6.14.13
  • CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976)
  • CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977)
  • CVE-2020-7774: Fixed y18n Prototype Pollution. (bsc#1184450)
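The fixed versions quoted in the three CVE descriptions on this page can be turned into a dependency-tree check. The following is an added example, not part of the openSUSE advisory or of npm itself: it walks a package-lock.json-style tree (the `SAMPLE_LOCK` object is constructed for the demo) and reports any copy of y18n, hosted-git-info or ssri whose version falls inside the ranges the advisory text gives. The version ranges are taken verbatim from the descriptions below; the check only encodes those ranges, it does not consult any registry.

```javascript
// Added example: audit a package-lock-style tree against the fixed versions
// named in this advisory. Not code from openSUSE or the npm project.
//
// Ranges as stated in the CVE descriptions on this page:
//   y18n            < 3.2.2, < 4.0.1, < 5.0.5            (CVE-2020-7774)
//   hosted-git-info < 3.0.8                               (CVE-2021-23362)
//   ssri            5.2.2 .. 8.0.0, fixed in 8.0.1        (CVE-2021-27290)

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Three-part numeric compare: -1, 0 or 1.
function cmp(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

const ADVISORIES = {
  y18n: {
    cve: 'CVE-2020-7774',
    vulnerable: v => {
      const major = parseVersion(v)[0];
      if (major <= 3) return cmp(v, '3.2.2') < 0;
      if (major === 4) return cmp(v, '4.0.1') < 0;
      if (major === 5) return cmp(v, '5.0.5') < 0;
      return false; // later majors are past every fixed version the page lists
    },
  },
  'hosted-git-info': {
    cve: 'CVE-2021-23362',
    vulnerable: v => cmp(v, '3.0.8') < 0,
  },
  ssri: {
    cve: 'CVE-2021-27290',
    vulnerable: v => cmp(v, '5.2.2') >= 0 && cmp(v, '8.0.1') < 0,
  },
};

// Recursively walk { dependencies: { name: { version, dependencies } } }.
function audit(tree, path = [], findings = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    const adv = ADVISORIES[name];
    if (adv && adv.vulnerable(node.version)) {
      findings.push({ path: here.join(' > '), name, version: node.version, cve: adv.cve });
    }
    audit(node, here, findings); // nested copies count too
  }
  return findings;
}

// Constructed sample tree (not a real lockfile): one vulnerable y18n nested
// under yargs, one vulnerable top-level ssri, and two already-fixed copies.
const SAMPLE_LOCK = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    yargs: { version: '15.0.0', dependencies: { y18n: { version: '4.0.0' } } },
    'hosted-git-info': { version: '3.0.8' },
    ssri: { version: '6.0.1' },
    'some-tool': { version: '2.0.0', dependencies: { ssri: { version: '8.0.1' } } },
  },
};

console.log(audit(SAMPLE_LOCK));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json'))`; lockfile v1 uses the same `dependencies` nesting shown here.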

Package list

openSUSE Leap 15.3
nodejs8-8.17.0-10.12.2
nodejs8-devel-8.17.0-10.12.2
nodejs8-docs-8.17.0-10.12.2
npm8-8.17.0-10.12.2

Description (CVE-2020-7774)

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
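Prototype pollution is the vulnerability class named above; the page does not reproduce y18n's own code, so the following is a generic added illustration of the pattern, not y18n's implementation. A path-based setter that trusts caller-supplied key names lets a `__proto__` segment redirect the write into `Object.prototype`, after which every plain object inherits the attacker's property; the hardened variant rejects the reserved keys and only descends into own properties.

```javascript
// Added generic illustration of prototype pollution (not y18n's code).
// unsafeSetPath trusts every key; "__proto__" walks into Object.prototype.
function unsafeSetPath(target, path, value) {
  const keys = path.split('.');
  let cur = target;
  for (const k of keys.slice(0, -1)) {
    if (cur[k] === undefined) cur[k] = {};
    cur = cur[k];               // cur['__proto__'] is Object.prototype
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant: refuse reserved keys and never follow inherited ones.
function safeSetPath(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (BLOCKED.has(k)) throw new Error(`refusing to set reserved key "${k}"`);
  }
  let cur = target;
  for (const k of keys.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(cur, k)) cur[k] = Object.create(null);
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Returns true if an unrelated object inherited the injected property.
function demonstratePollution() {
  unsafeSetPath({}, '__proto__.isAdmin', true);
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;   // clean up the global damage
  return leaked;
}

// Returns true if the hardened setter refused the write and nothing leaked.
function demonstrateHardened() {
  try {
    safeSetPath({}, '__proto__.isAdmin', true);
    return false;
  } catch (e) {
    return ({}).isAdmin === undefined;
  }
}

console.log('unsafe setter pollutes Object.prototype:', demonstratePollution());
console.log('hardened setter refuses the key:', demonstrateHardened());
```

The same three reserved names are the ones a deep-merge or config-loading helper should reject before assigning; checking `hasOwnProperty` on each hop closes the second route, where an inherited intermediate object is used as the write target.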


Affected products
openSUSE Leap 15.3:nodejs8-8.17.0-10.12.2
openSUSE Leap 15.3:nodejs8-devel-8.17.0-10.12.2
openSUSE Leap 15.3:nodejs8-docs-8.17.0-10.12.2
openSUSE Leap 15.3:npm8-8.17.0-10.12.2


Description (CVE-2021-23362)

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.


Affected products
openSUSE Leap 15.3:nodejs8-8.17.0-10.12.2
openSUSE Leap 15.3:nodejs8-devel-8.17.0-10.12.2
openSUSE Leap 15.3:nodejs8-docs-8.17.0-10.12.2
openSUSE Leap 15.3:npm8-8.17.0-10.12.2


Description (CVE-2021-27290)

ssri 5.2.2 through 8.0.0, fixed in 8.0.1, processes Subresource Integrity (SRI) strings using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.


Affected products
openSUSE Leap 15.3:nodejs8-8.17.0-10.12.2
openSUSE Leap 15.3:nodejs8-devel-8.17.0-10.12.2
openSUSE Leap 15.3:nodejs8-docs-8.17.0-10.12.2
openSUSE Leap 15.3:npm8-8.17.0-10.12.2
