Oval Definition:oval:org.opensuse.security:def:202123567
Revision Date:2022-09-02Version:1
Title:CVE-2021-23567
Description:

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-23567
SUSE CVE-2021-23567
Platform(s):SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs12 is not affected
  • OR nodejs12-devel is not affected
  • OR nodejs12-docs is not affected
  • OR npm12 is not affected
  • OR nodejs14 is not affected
  • OR nodejs14-devel is not affected
  • OR nodejs14-docs is not affected
  • OR npm14 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs12 is not affected
  • OR nodejs12-devel is not affected
  • OR nodejs12-docs is not affected
  • OR npm12 is not affected
  • OR nodejs14 is not affected
  • OR nodejs14-devel is not affected
  • OR nodejs14-docs is not affected
  • OR npm14 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND nodejs6 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs12 is not affected
  • OR nodejs12-devel is not affected
  • OR nodejs12-docs is not affected
  • OR npm12 is not affected
  • OR nodejs14 is not affected
  • OR nodejs14-devel is not affected
  • OR nodejs14-docs is not affected
  • OR npm14 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Enterprise Storage 6 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Enterprise Storage 7 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs12 is not affected
  • OR nodejs12-devel is not affected
  • OR nodejs12-docs is not affected
  • OR npm12 is not affected
  • OR nodejs14 is not affected
  • OR nodejs14-devel is not affected
  • OR nodejs14-docs is not affected
  • OR npm14 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • BACK