SUSE-SU-2022:0715-1 -- SLES nodejs14, npm14ID: oval:org.secpod.oval:def:89046019 | Date: (C)2022-03-11 (M)2023-11-10 |
Class: PATCH | Family: unix |
This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe . - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema . - CVE-2021-3807: Fixed regular expression denial of service matching ANSI escape codes in node-ansi-regex .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |