OPENSUSE-SU-2021:3940-1
Advisory lineage Upstream: 7 Downstream: 0
Published: 06 Dec 2021, 13:43
Last modified:07 May 2025, 18:12
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Dec 2021, 13:43
Published
Vulnerability first disclosed
07 May 2025, 18:12
Last Modified
Vulnerability information updated
Description
Security update for nodejs12 This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053).
Affected Systems
- opensuse•nodejs12&distro=openSUSE Leap 15.3
< 12.22.7-4.22.1
References (15)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LB7JXCGGW7EKOPAS4IDMUQPYHXS3ZUZA/
- https://bugzilla.suse.com/1190053
- https://bugzilla.suse.com/1190054
- https://bugzilla.suse.com/1190055
- https://bugzilla.suse.com/1190056
- https://bugzilla.suse.com/1190057
- https://bugzilla.suse.com/1191601
- https://bugzilla.suse.com/1191602
- https://www.suse.com/security/cve/CVE-2021-22959
- https://www.suse.com/security/cve/CVE-2021-22960
- https://www.suse.com/security/cve/CVE-2021-37701
- https://www.suse.com/security/cve/CVE-2021-37712
- https://www.suse.com/security/cve/CVE-2021-37713
- https://www.suse.com/security/cve/CVE-2021-39134
- https://www.suse.com/security/cve/CVE-2021-39135