VYPR

rpm package

suse/nodejs16&distro=SUSE Linux Enterprise Module for Web and Scripting 12

pkg:rpm/suse/nodejs16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Vulnerabilities (42)

  • CVE-2022-32212HigJul 14, 2022
    affected < 16.16.0-8.6.1fixed 16.16.0-8.6.1

    A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding

  • CVE-2022-29244HigJun 13, 2022
    affected < 16.17.0-8.9.1fixed 16.17.0-8.9.1

    npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, m

Page 3 of 3