SUSE-SU-2023:3408-1 -- SLES nodejs14, npm14ID: oval:org.secpod.oval:def:89049294 | Date: (C)2023-08-30 (M)2024-06-24 |
Class: PATCH | Family: unix |
This update for nodejs14 fixes the following issues: * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . * CVE-2023-32559: Fixed permissions policies bypass via process.binding . * CVE-2023-30581: Fixed mainModule.proto bypass . * CVE-2023-30590: Fixed missing DiffieHellman key generation . * CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |