VYPR

rpm package

suse/nodejs18&distro=SUSE Linux Enterprise Module for Web and Scripting 12

pkg:rpm/suse/nodejs18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Vulnerabilities (42)

  • CVE-2022-32213MedJul 14, 2022
    affected < 18.13.0-8.3.1fixed 18.13.0-8.3.1

    The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

  • CVE-2022-32212HigJul 14, 2022
    affected < 18.13.0-8.3.1fixed 18.13.0-8.3.1

    A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding

Page 3 of 3