rpm package
suse/nodejs16&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
pkg:rpm/suse/nodejs16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-24807 | — | < 16.19.1-150300.7.18.1 | 16.19.1-150300.7.18.1 | Feb 16, 2023 | Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular | ||
| CVE-2022-25881 | — | < 16.20.0-150300.7.21.2 | 16.20.0-150300.7.21.2 | Jan 31, 2023 | This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. |
- CVE-2023-24807Feb 16, 2023affected < 16.19.1-150300.7.18.1fixed 16.19.1-150300.7.18.1
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular
- CVE-2022-25881Jan 31, 2023affected < 16.20.0-150300.7.21.2fixed 16.20.0-150300.7.21.2
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Page 2 of 2