SUSE-SU-2024:0728-1 -- SLES nodejs16, npm16ID: oval:org.secpod.oval:def:89051591 | Date: (C)2024-04-26 (M)2024-06-03 |
Class: PATCH | Family: unix |
This update for nodejs16 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack . * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks . * CVE-2024-22025: Denial of Service by resource exhaustion in fetch brotli decoding . * CVE-2024-24758: ignore proxy-authorization header . * CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks .
Platform: |
SUSE Linux Enterprise Server 15 SP4 |