SUSE-SU-2022:3196-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 08 Sept 2022, 08:35
Last modified:04 Feb 2026, 04:06
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 Sept 2022, 08:35
Published
Vulnerability first disclosed
04 Feb 2026, 04:06
Last Modified
Vulnerability information updated
Description
Security update for nodejs16 This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request (bsc#1202382). - CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383). - CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (bsc#1200517). - CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710). Bugfixes: - Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303)
Affected Systems
- suse•nodejs16&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 16.17.0-8.9.1
References (10)
- https://www.suse.com/support/update/announcement/2022/suse-su-20223196-1/
- https://bugzilla.suse.com/1200303
- https://bugzilla.suse.com/1200517
- https://bugzilla.suse.com/1201710
- https://bugzilla.suse.com/1202382
- https://bugzilla.suse.com/1202383
- https://www.suse.com/security/cve/CVE-2022-29244
- https://www.suse.com/security/cve/CVE-2022-31150
- https://www.suse.com/security/cve/CVE-2022-35948
- https://www.suse.com/security/cve/CVE-2022-35949