VYPR

rpm package

opensuse/nodejs17&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/nodejs17&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2021-44533Feb 24, 2022
    affected < 17.3.1-1.1fixed 17.3.1-1.1

    Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguis

  • CVE-2021-44532Feb 24, 2022
    affected < 17.3.1-1.1fixed 17.3.1-1.1

    Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name

  • CVE-2021-44531Feb 24, 2022
    affected < 17.3.1-1.1fixed 17.3.1-1.1

    Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are o

  • CVE-2022-21824Feb 24, 2022
    affected < 17.3.1-1.1fixed 17.3.1-1.1

    Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The p