SUSE-SU-2022:1717-1 -- SLES nodejs10, npm10ID: oval:org.secpod.oval:def:89046314 | Date: (C)2022-05-25 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe . - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema . - CVE-2021-3807: Fixed regular expression denial of service matching ANSI escape codes in node-ansi-regex . - CVE-2022-21824: Fixed prototype pollution via console.table . - CVE-2021-44906: Fixed prototype pollution in npm dependency . - CVE-2021-44907: Fixed insuficient sanitation in npm dependency . - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm .
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP1 |