Oval Definition:oval:org.opensuse.security:def:111164
Revision Date:2021-12-12Version:1
Title:Security update for nodejs12 (Important)
Description:

This update for nodejs12 fixes the following issues:

- CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053).

This update was imported from the SUSE:SLE-15-SP2:Update update project.
Family:unixClass:patch
Status:Reference(s):1190053
1190054
1190055
1190056
1190057
1191601
1191602
CVE-2021-22959
CVE-2021-22960
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-39134
CVE-2021-39135
openSUSE-SU-2021:1574-1
Platform(s):openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • nodejs12-12.22.7-lp152.3.21.1 is installed
  • OR nodejs12-devel-12.22.7-lp152.3.21.1 is installed
  • OR nodejs12-docs-12.22.7-lp152.3.21.1 is installed
  • OR npm12-12.22.7-lp152.3.21.1 is installed
    • BACK