VYPR

rpm package

opensuse/nodejs14&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweed

Vulnerabilities (24)

  • CVE-2020-8174Jul 24, 2020
    affected < 14.17.5-1.2fixed 14.17.5-1.2

    napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

  • CVE-2020-15095Jul 7, 2020
    affected < 14.17.5-1.2fixed 14.17.5-1.2

    Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also

  • CVE-2020-8172Jun 8, 2020
    affected < 14.17.5-1.2fixed 14.17.5-1.2

    TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

  • CVE-2020-11080Jun 3, 2020
    affected < 14.17.5-1.2fixed 14.17.5-1.2

    In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T

Page 2 of 2