[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2023:2663-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":32,"duplicates":33,"related":34,"reserved_at":9,"published_at":44,"modified_at":45,"state":9,"summary":46,"references_raw":48,"kevs":134,"epss":9,"epss_history":135,"metrics":136,"affected":137},"SUSE-SU-2023:2663-1","Security update for nodejs16\n\nThis update for nodejs16 fixes the following issues:\n\nUpdate to version 16.20.1:\n\n- CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574).\n- CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579).\n- CVE-2023-30588: Fixed process interruption due to invalid Public Key information in x509 certificates (bsc#1212581).\n- CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582).\n- CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583).\n- CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607).\n- CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606).\n- CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605).\n- CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604).\n    \nBug fixes:\n\n- Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have led to build failures on some platforms, like s390x in Factory. 
(bsc#1211407)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30],{"_key":15},"CVE-2023-30581",{"_key":17},"CVE-2023-30585",{"_key":19},"CVE-2023-30588",{"_key":21},"CVE-2023-30589",{"_key":23},"CVE-2023-30590",{"_key":25},"CVE-2023-31124",{"_key":27},"CVE-2023-31130",{"_key":29},"CVE-2023-31147",{"_key":31},"CVE-2023-32067",[],[],[35,36,37,38,39,40,41,42,43],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},"2023-06-27T18:27:09Z","2026-02-04T03:57:22.509724Z",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[49,56,61,65,69,73,77,81,85,89,93,97,102,106,110,114,118,122,126,130],{"url":50,"sources":51,"tags":54},"https://www.suse.com/support/update/announcement/2023/suse-su-20232663-1/",[52,53],"osv_suse","osv_opensuse",[55],"Advisory",{"url":57,"sources":58,"tags":59},"https://bugzilla.suse.com/1211407",[52,53],[60],"REPORT",{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1211604",[52,53],[60],{"url":66,"sources":67,"tags":68},"https://bugzilla.suse.com/1211605",[52,53],[60],{"url":70,"sources":71,"tags":72},"https://bugzilla.suse.com/1211606",[52,53],[60],{"url":74,"sources":75,"tags":76},"https://bugzilla.suse.com/1211607",[52,53],[60],{"url":78,"sources":79,"tags":80},"https://bugzilla.suse.com/1212574",[52,53],[60],{"url":82,"sources":83,"tags":84},"https://bugzilla.suse.com/1212579",[52,53],[60],{"url":86,"sources":87,"tags":88},"https://bugzilla.suse.com/1212581",[52,53],[60],{"url":90,"sources":91,"tags":92},"https://bugzilla.suse.com/1212582",[52,53],[60],{"url":94,"sources":95,"tags":96},"https://bugzilla.suse.com/1212583",[52,53],[60],{"url":98,"sources":99,"tags":100},"https://www.suse.com/security/cve/CVE-2023-30581",[52,53],[101],"WEB",{"url":103,"sources":104,"tags":105},"https://www.suse.com/security/cve/CVE-2023-30585",[52,53],[101],{
"url":107,"sources":108,"tags":109},"https://www.suse.com/security/cve/CVE-2023-30588",[52,53],[101],{"url":111,"sources":112,"tags":113},"https://www.suse.com/security/cve/CVE-2023-30589",[52,53],[101],{"url":115,"sources":116,"tags":117},"https://www.suse.com/security/cve/CVE-2023-30590",[52,53],[101],{"url":119,"sources":120,"tags":121},"https://www.suse.com/security/cve/CVE-2023-31124",[52,53],[101],{"url":123,"sources":124,"tags":125},"https://www.suse.com/security/cve/CVE-2023-31130",[52,53],[101],{"url":127,"sources":128,"tags":129},"https://www.suse.com/security/cve/CVE-2023-31147",[52,53],[101],{"url":131,"sources":132,"tags":133},"https://www.suse.com/security/cve/CVE-2023-32067",[52,53],[101],[],[],[],[138,151],{"ecosystem":139,"name":140,"vendor":141,"product":142,"cpe_part":9,"purl_type":143,"purl_namespace":141,"purl_name":142,"source":9,"versions":144},"openSUSE","nodejs16","opensuse","nodejs16&distro=openSUSE Leap 15.4","rpm",[145],{"version":146,"is_range":147,"range_type":148,"version_start":9,"version_start_type":9,"version_end":149,"version_end_type":150,"fixed_in":9},"lt16_20_1_150400_3_21_1",true,"ecosystem","16.20.1-150400.3.21.1","excluding",{"ecosystem":152,"name":140,"vendor":153,"product":154,"cpe_part":9,"purl_type":143,"purl_namespace":153,"purl_name":154,"source":9,"versions":155},"SUSE Linux Enterprise","suse","nodejs16&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP4",[156],{"version":146,"is_range":147,"range_type":148,"version_start":9,"version_start_type":9,"version_end":149,"version_end_type":150,"fixed_in":9}]