SUSE-SU-2022:2425-1 -- SLES nodejs14, npm14ID: oval:org.secpod.oval:def:89046793 | Date: (C)2022-07-20 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses . - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding . - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields . - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |