[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2021:0066-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":63,"epss":9,"epss_history":64,"metrics":65,"affected":66},"OPENSUSE-SU-2021:0066-1","Security update for nodejs14\n\nThis update for nodejs14 fixes the following issues:\n\n- New upstream LTS version 14.15.4:\n  * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS\n    implementation. When writing to a TLS enabled socket,\n    node::StreamBase::Write calls node::TLSWrap::DoWrite with\n    a freshly allocated WriteWrap object as first argument.\n    If the DoWrite method does not return an error, this object is\n    passed back to the caller as part of a StreamWriteResult structure.\n    This may be exploited to corrupt memory leading to a\n    Denial of Service or potentially other exploits (bsc#1180553)\n  * CVE-2020-8287: HTTP Request Smuggling allow two copies of a\n    header field in a http request. For example, two Transfer-Encoding\n    header fields. In this case Node.js identifies the first header\n    field and ignores the second. This can lead to HTTP Request\n    Smuggling (https://cwe.mitre.org/data/definitions/444.html).\n    (bsc#1180554)\n\n- New upstream LTS version 14.15.3:\n  * deps:\n    + upgrade npm to 6.14.9\n    + update acorn to v8.0.4\n  * http2: check write not scheduled in scope destructor\n  * stream: fix regression on duplex end\n\n- New upstream LTS version 14.15.1:\n  * deps: Denial of Service through DNS request (High).\n  A Node.js application that allows an attacker to trigger a DNS\n  request for a host of their choice could trigger a Denial of Service\n  by getting the application to resolve a DNS record with\n  a larger number of responses (bsc#1178882, CVE-2020-8277)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",null,[],[],[],[14,16,18],{"_key":15},"CVE-2020-8265",{"_key":17},"CVE-2020-8277",{"_key":19},"CVE-2020-8287",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2021-01-15T09:23:32Z","2026-02-04T03:18:17.747434Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,46,50,55,59],{"url":32,"sources":33,"tags":35},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WYFKSVZAWD7RDU5OST2FANHMDWL4VNM7/",[34],"osv_opensuse",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugzilla.suse.com/1178882",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://bugzilla.suse.com/1180553",[34],[41],{"url":47,"sources":48,"tags":49},"https://bugzilla.suse.com/1180554",[34],[41],{"url":51,"sources":52,"tags":53},"https://www.suse.com/security/cve/CVE-2020-8265",[34],[54],"WEB",{"url":56,"sources":57,"tags":58},"https://www.suse.com/security/cve/CVE-2020-8277",[34],[54],{"url":60,"sources":61,"tags":62},"https://www.suse.com/security/cve/CVE-2020-8287",[34],[54],[],[],[],[67],{"ecosystem":68,"name":69,"vendor":70,"product":71,"cpe_part":9,"purl_type":72,"purl_namespace":70,"purl_name":71,"source":9,"versions":73},"openSUSE","nodejs14","opensuse","nodejs14&distro=openSUSE Leap 15.2","rpm",[74],{"version":75,"is_range":76,"range_type":77,"version_start":9,"version_start_type":9,"version_end":78,"version_end_type":79,"fixed_in":9},"lt14_15_4_lp152_5_1",true,"ecosystem","14.15.4-lp152.5.1","excluding"]