rpm package
suse/nodejs18&distro=SUSE Linux Enterprise Module for Web and Scripting 12
pkg:rpm/suse/nodejs18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-32213 | Med | 6.5 | < 18.13.0-8.3.1 | 18.13.0-8.3.1 | Jul 14, 2022 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | |
| CVE-2022-32212 | Hig | 8.1 | < 18.13.0-8.3.1 | 18.13.0-8.3.1 | Jul 14, 2022 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding |
- affected < 18.13.0-8.3.1fixed 18.13.0-8.3.1
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
- affected < 18.13.0-8.3.1fixed 18.13.0-8.3.1
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding
Page 3 of 3