SUSE-SU-2020:1606-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 11 Jun 2020, 10:10
Last modified:04 Feb 2026, 03:36
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Jun 2020, 10:10
Published
Vulnerability first disclosed
04 Feb 2026, 03:36
Last Modified
Vulnerability information updated
Description
Security update for nodejs12 This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.18.0 - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass (bsc#1172441). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). npm was updated to 6.13.6 - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916).
Affected Systems
- suse•nodejs12&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 12.18.0-1.14.1
References (10)
- https://www.suse.com/support/update/announcement/2020/suse-su-20201606-1/
- https://bugzilla.suse.com/1166916
- https://bugzilla.suse.com/1172441
- https://bugzilla.suse.com/1172442
- https://bugzilla.suse.com/1172443
- https://bugzilla.suse.com/1172728
- https://www.suse.com/security/cve/CVE-2020-11080
- https://www.suse.com/security/cve/CVE-2020-7598
- https://www.suse.com/security/cve/CVE-2020-8172
- https://www.suse.com/security/cve/CVE-2020-8174