rpm package
suse/nodejs10&distro=SUSE Linux Enterprise Server 15 SP1-BCL
pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23362 | — | < 10.24.1-1.36.1 | 10.24.1-1.36.1 | Mar 23, 2021 | The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | ||
| CVE-2021-27290 | — | < 10.24.1-1.36.1 | 10.24.1-1.36.1 | Mar 12, 2021 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. | ||
| CVE-2021-22883 | — | < 10.24.0-1.33.2 | 10.24.0-1.33.2 | Mar 3, 2021 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then th | ||
| CVE-2021-22884 | — | < 10.24.0-1.33.2 | 10.24.0-1.33.2 | Mar 3, 2021 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker control | ||
| CVE-2021-23840 | Hig | 7.5 | < 10.24.0-1.33.2 | 10.24.0-1.33.2 | Feb 16, 2021 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be | |
| CVE-2020-7774 | — | < 10.24.1-1.36.1 | 10.24.1-1.36.1 | Nov 17, 2020 | The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. |
- CVE-2021-23362Mar 23, 2021affected < 10.24.1-1.36.1fixed 10.24.1-1.36.1
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
- CVE-2021-27290Mar 12, 2021affected < 10.24.1-1.36.1fixed 10.24.1-1.36.1
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
- CVE-2021-22883Mar 3, 2021affected < 10.24.0-1.33.2fixed 10.24.0-1.33.2
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then th
- CVE-2021-22884Mar 3, 2021affected < 10.24.0-1.33.2fixed 10.24.0-1.33.2
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker control
- affected < 10.24.0-1.33.2fixed 10.24.0-1.33.2
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be
- CVE-2020-7774Nov 17, 2020affected < 10.24.1-1.36.1fixed 10.24.1-1.36.1
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Page 2 of 2