SUSE-SU-2024:1307-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 16 Apr 2024, 09:32
Last modified:02 May 2025, 04:36
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Apr 2024, 09:32
Published
Vulnerability first disclosed
02 May 2025, 04:36
Last Modified
Vulnerability information updated
Description
Security update for nodejs18 This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384) - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530) - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Affected Systems
- suse•nodejs18&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 18.20.1-8.21.1
References (11)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/
- https://bugzilla.suse.com/1220053
- https://bugzilla.suse.com/1222244
- https://bugzilla.suse.com/1222384
- https://bugzilla.suse.com/1222530
- https://bugzilla.suse.com/1222603
- https://www.suse.com/security/cve/CVE-2024-24806
- https://www.suse.com/security/cve/CVE-2024-27982
- https://www.suse.com/security/cve/CVE-2024-27983
- https://www.suse.com/security/cve/CVE-2024-30260
- https://www.suse.com/security/cve/CVE-2024-30261