[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2018:0952-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":52,"epss":9,"epss_history":53,"metrics":54,"affected":55},"SUSE-SU-2018:0952-1","Security update for nodejs4\n\nThis update for nodejs4 fixes the following issues:\n\n- Fix some node-gyp permissions\n\n- New upstream maintenance 4.9.1:\n  * Security fixes:\n    + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459)\n    + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453)\n  * Upgrade to OpenSSL 1.0.2o\n  * deps: reject interior blanks in Content-Length\n  * deps: upgrade http-parser to v2.8.0\n\n- remove any old manpage files in %pre from before update-alternatives\n  were used to manage symlinks to these manpages.\n\n- Add Recommends and BuildRequire on python2 for npm. node-gyp\n  requires this old version of python for now. This is only needed\n  for binary modules.\n\n- even on recent codestreams there is no binutils gold on s390\n  only on s390x\n\n- Enable CI tests in %check target\n  ",null,[],[],[],[14,16],{"_key":15},"CVE-2018-7158",{"_key":17},"CVE-2018-7159",[],[],[21,22],{"_key":15},{"_key":17},"2018-04-16T15:32:06Z","2026-02-04T03:06:14.382075Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,43,48],{"url":29,"sources":30,"tags":32},"https://www.suse.com/support/update/announcement/2018/suse-su-20180952-1/",[31],"osv_suse",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugzilla.suse.com/1087453",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"https://bugzilla.suse.com/1087459",[31],[38],{"url":44,"sources":45,"tags":46},"https://www.suse.com/security/cve/CVE-2018-7158",[31],[47],"WEB",{"url":49,"sources":50,"tags":51},"https://www.suse.com/security/cve/CVE-2018-7159",[31],[47],[],[],[],[56,69],{"ecosystem":57,"name":58,"vendor":59,"product":60,"cpe_part":9,"purl_type":61,"purl_namespace":59,"purl_name":60,"source":9,"versions":62},"SUSE Linux Enterprise","nodejs4","suse","nodejs4&distro=SUSE Enterprise Storage 4","rpm",[63],{"version":64,"is_range":65,"range_type":66,"version_start":9,"version_start_type":9,"version_end":67,"version_end_type":68,"fixed_in":9},"lt4_9_1_15_11_1",true,"ecosystem","4.9.1-15.11.1","excluding",{"ecosystem":57,"name":58,"vendor":59,"product":70,"cpe_part":9,"purl_type":61,"purl_namespace":59,"purl_name":70,"source":9,"versions":71},"nodejs4&distro=SUSE Linux Enterprise Module for Web and Scripting 12",[72],{"version":64,"is_range":65,"range_type":66,"version_start":9,"version_start_type":9,"version_end":67,"version_end_type":68,"fixed_in":9}]