OPENSUSE-SU-2021:1574-1
Vulnerability Summary
Timeline
Description
Security update for nodejs12 This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053). This update was imported from the SUSE:SLE-15-SP2:Update update project.
Affected Systems
- opensuse•nodejs12&distro=openSUSE Leap 15.2
< 12.22.7-lp152.3.21.1
References (15)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZ6MU5ASKOGKZBGVKFFXVB64PMZRVEPX/
- https://bugzilla.suse.com/1190053
- https://bugzilla.suse.com/1190054
- https://bugzilla.suse.com/1190055
- https://bugzilla.suse.com/1190056
- https://bugzilla.suse.com/1190057
- https://bugzilla.suse.com/1191601
- https://bugzilla.suse.com/1191602
- https://www.suse.com/security/cve/CVE-2021-22959
- https://www.suse.com/security/cve/CVE-2021-22960
- https://www.suse.com/security/cve/CVE-2021-37701
- https://www.suse.com/security/cve/CVE-2021-37712
- https://www.suse.com/security/cve/CVE-2021-37713
- https://www.suse.com/security/cve/CVE-2021-39134
- https://www.suse.com/security/cve/CVE-2021-39135