SUSE-SU-2022:0704-1 -- SLES nodejs8, npm8, nodejs-commonID: oval:org.secpod.oval:def:89046015 | Date: (C)2022-03-11 (M)2023-11-10 |
Class: PATCH | Family: unix |
This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe . - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema . - CVE-2021-3807: Fixed regular expression denial of service matching ANSI escape codes in node-ansi-regex .
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
nodejs8 |
npm8 |
nodejs-common |