OPENSUSE-SU-2021:1552-1

Advisory lineage Upstream: 7 Downstream: 0
Published: 10 Dec 2021, 09:43
Last modified:04 Feb 2026, 03:51

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Dec 2021, 09:43
Published
Vulnerability first disclosed
04 Feb 2026, 03:51
Last Modified
Vulnerability information updated

Description

Security update for nodejs14 This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add 'tries' option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) This update was imported from the SUSE:SLE-15-SP2:Update update project.

Affected Systems

  • opensusenodejs14&distro=openSUSE Leap 15.2

    < 14.18.1-lp152.17.1

References (15)