[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2024:0643-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":34,"duplicates":35,"related":36,"reserved_at":9,"published_at":47,"modified_at":48,"state":9,"summary":49,"references_raw":51,"kevs":145,"epss":9,"epss_history":146,"metrics":147,"affected":148},"SUSE-SU-2024:0643-1","Security update for nodejs20\n\nThis update for nodejs20 fixes the following issues:\n\nUpdate to 20.11.1: (security updates)\n\n* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).\n* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).\n* CVE-2024-21896: Path traversal by monkey-patching Buffer internals (bsc#1219994).\n* CVE-2024-22017: setuid() does not drop all privileges due to io_uring (bsc#1219995).\n* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).\n* CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization (bsc#1219998).\n* CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (bsc#1219999).\n* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).\n* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).\n* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).\n\nUpdate to 20.11.0:\n\n* esm: add import.meta.dirname and import.meta.filename\n* fs: add c++ fast path for writeFileSync utf8\n* module: remove useCustomLoadersIfPresent flag\n* module: bootstrap module loaders in shadow realm\n* src: add --disable-warning option\n* src: create per isolate proxy env template\n* src: make process binding data weak\n* stream: use Array for 
Readable buffer\n* stream: optimize creation\n* test_runner: adds built in lcov reporter\n* test_runner: add Date to the supported mock APIs\n* test_runner, cli: add --test-timeout flag\n\nUpdate to 20.10.0:\n\n* --experimental-default-type flag to flip module defaults\n* The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected.\n* Added flush option in file system functions for fs.writeFile functions\n* Added experimental WebSocket client\n* vm: fix V8 compilation cache support for vm.Script. This fixes performance regression since v16.x when support for importModuleDynamically was added to vm.Script\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32],{"_key":15},"CVE-2023-46809",{"_key":17},"CVE-2024-21890",{"_key":19},"CVE-2024-21891",{"_key":21},"CVE-2024-21892",{"_key":23},"CVE-2024-21896",{"_key":25},"CVE-2024-22017",{"_key":27},"CVE-2024-22019",{"_key":29},"CVE-2024-22025",{"_key":31},"CVE-2024-24758",{"_key":33},"CVE-2024-24806",[],[],[37,38,39,40,41,42,43,44,45,46],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2024-02-28T08:43:43Z","2026-02-04T04:14:35.479433Z",{"cisa_kev":50,"cisa_ransomware":50,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[52,59,64,68,72,76,80,84,88,92,96,100,104,109,113,117,121,125,129,133,137,141],{"url":53,"sources":54,"tags":57},"https://www.suse.com/support/update/announcement/2024/suse-su-20240643-1/",[55,56],"osv_suse","osv_opensuse",[58],"Advisory",{"url":60,"sources":61,"tags":62},"https://bugzilla.suse.com/1219152",[55,56],[63],"REPORT",{"url":65,"sources":66,"tags":67},"https://bugzilla.suse.com/1219724",[55,56],[63],{"url":69,"sources":70,"tags":71},"https://bugzilla.suse.com/1219992",[55,56],[63],{"url":73,"sources":74,"tags":75},"https://bugzilla.suse.com/1219993",[55,56
],[63],{"url":77,"sources":78,"tags":79},"https://bugzilla.suse.com/1219994",[55,56],[63],{"url":81,"sources":82,"tags":83},"https://bugzilla.suse.com/1219995",[55,56],[63],{"url":85,"sources":86,"tags":87},"https://bugzilla.suse.com/1219997",[55,56],[63],{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/1219998",[55,56],[63],{"url":93,"sources":94,"tags":95},"https://bugzilla.suse.com/1219999",[55,56],[63],{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1220014",[55,56],[63],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1220017",[55,56],[63],{"url":105,"sources":106,"tags":107},"https://www.suse.com/security/cve/CVE-2023-46809",[55,56],[108],"WEB",{"url":110,"sources":111,"tags":112},"https://www.suse.com/security/cve/CVE-2024-21890",[55,56],[108],{"url":114,"sources":115,"tags":116},"https://www.suse.com/security/cve/CVE-2024-21891",[55,56],[108],{"url":118,"sources":119,"tags":120},"https://www.suse.com/security/cve/CVE-2024-21892",[55,56],[108],{"url":122,"sources":123,"tags":124},"https://www.suse.com/security/cve/CVE-2024-21896",[55,56],[108],{"url":126,"sources":127,"tags":128},"https://www.suse.com/security/cve/CVE-2024-22017",[55,56],[108],{"url":130,"sources":131,"tags":132},"https://www.suse.com/security/cve/CVE-2024-22019",[55,56],[108],{"url":134,"sources":135,"tags":136},"https://www.suse.com/security/cve/CVE-2024-22025",[55,56],[108],{"url":138,"sources":139,"tags":140},"https://www.suse.com/security/cve/CVE-2024-24758",[55,56],[108],{"url":142,"sources":143,"tags":144},"https://www.suse.com/security/cve/CVE-2024-24806",[55,56],[108],[],[],[],[149,162],{"ecosystem":150,"name":151,"vendor":152,"product":153,"cpe_part":9,"purl_type":154,"purl_namespace":152,"purl_name":153,"source":9,"versions":155},"openSUSE","nodejs20","opensuse","nodejs20&distro=openSUSE Leap 
15.5","rpm",[156],{"version":157,"is_range":158,"range_type":159,"version_start":9,"version_start_type":9,"version_end":160,"version_end_type":161,"fixed_in":9},"lt20_11_1_150500_11_6_1",true,"ecosystem","20.11.1-150500.11.6.1","excluding",{"ecosystem":163,"name":151,"vendor":164,"product":165,"cpe_part":9,"purl_type":154,"purl_namespace":164,"purl_name":165,"source":9,"versions":166},"SUSE Linux Enterprise","suse","nodejs20&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP5",[167],{"version":157,"is_range":158,"range_type":159,"version_start":9,"version_start_type":9,"version_end":160,"version_end_type":161,"fixed_in":9}]