[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2021:0065-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":63,"epss":9,"epss_history":64,"metrics":65,"affected":66},"OPENSUSE-SU-2021:0065-1","Security update for nodejs10\n\nThis update for nodejs10 fixes the following issues:\n\n- New upstream LTS version 10.23.1:\n  * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS\n    implementation. When writing to a TLS enabled socket,\n    node::StreamBase::Write calls node::TLSWrap::DoWrite with\n    a freshly allocated WriteWrap object as first argument.\n    If the DoWrite method does not return an error, this object is\n    passed back to the caller as part of a StreamWriteResult structure.\n    This may be exploited to corrupt memory leading to a\n    Denial of Service or potentially other exploits (bsc#1180553)\n  * CVE-2020-8287: HTTP Request Smuggling allow two copies of a\n    header field in a http request. For example, two Transfer-Encoding\n    header fields. In this case Node.js identifies the first header\n    field and ignores the second. This can lead to HTTP Request\n    Smuggling (https://cwe.mitre.org/data/definitions/444.html).\n    (bsc#1180554)\n  * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference\n    (High) This is a vulnerability in OpenSSL which may be exploited\n    through Node.js. (bsc#1179491)\n\n- New upstream LTS version 10.23.0:\n  * deps: upgrade npm to 6.14.8\n  * n-api:\n    + create N-API version 7\n    + expose napi_build_version variable\n\nThis update was imported from the SUSE:SLE-15:Update update project.",null,[],[],[],[14,16,18],{"_key":15},"CVE-2020-1971",{"_key":17},"CVE-2020-8265",{"_key":19},"CVE-2020-8287",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2021-01-15T09:23:23Z","2026-02-04T04:35:17.861511Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,46,50,55,59],{"url":32,"sources":33,"tags":35},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3MAV3V72VVUTVO6VC6SN5XB5EYX3TJWK/",[34],"osv_opensuse",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugzilla.suse.com/1179491",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://bugzilla.suse.com/1180553",[34],[41],{"url":47,"sources":48,"tags":49},"https://bugzilla.suse.com/1180554",[34],[41],{"url":51,"sources":52,"tags":53},"https://www.suse.com/security/cve/CVE-2020-1971",[34],[54],"WEB",{"url":56,"sources":57,"tags":58},"https://www.suse.com/security/cve/CVE-2020-8265",[34],[54],{"url":60,"sources":61,"tags":62},"https://www.suse.com/security/cve/CVE-2020-8287",[34],[54],[],[],[],[67],{"ecosystem":68,"name":69,"vendor":70,"product":71,"cpe_part":9,"purl_type":72,"purl_namespace":70,"purl_name":71,"source":9,"versions":73},"openSUSE","nodejs10","opensuse","nodejs10&distro=openSUSE Leap 15.2","rpm",[74],{"version":75,"is_range":76,"range_type":77,"version_start":9,"version_start_type":9,"version_end":78,"version_end_type":79,"fixed_in":9},"lt10_23_1_lp152_2_9_1",true,"ecosystem","10.23.1-lp152.2.9.1","excluding"]