Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2022:1717-1
HistoryMay 17, 2022 - 12:00 a.m.

Security update for nodejs10 (important)

2022-05-1700:00:00
lists.opensuse.org
49

0.035 Low

EPSS

Percentile

91.6%

JSON

An update that fixes 9 vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

  • CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and
    splitPathRe (bsc#1192153).
  • CVE-2021-32803: Fixed insufficient symlink protection in node-tar
    allowing arbitrary file creation and overwrite (bsc#1191963).
  • CVE-2021-32804: Fixed insufficient absolute path sanitization in
    node-tar allowing arbitrary file creation and overwrite (bsc#1191962).
  • CVE-2021-3918: Fixed improper controlled modification of object
    prototype attributes in json-schema (bsc#1192696).
  • CVE-2021-3807: Fixed regular expression denial of service (ReDoS)
    matching ANSI escape codes in node-ansi-regex (bsc#1192154).
  • CVE-2022-21824: Fixed prototype pollution via console.table
    (bsc#1194514).
  • CVE-2021-44906: Fixed prototype pollution in npm dependency
    (bsc#1198247).
  • CVE-2021-44907: Fixed insuficient sanitation in npm dependency
    (bsc#1197283).
  • CVE-2022-0235: Fixed passing of cookie data and sensitive headers to
    different hostnames in node-fetch-npm (bsc#1194819).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-1717=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-1717=1

  • SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1717=1

  • SUSE Manager Retail Branch Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1717=1

  • SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1717=1

  • SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1717=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1717=1

  • SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1717=1

  • SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1717=1

  • SUSE Linux Enterprise Server 15-SP2-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1717=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1717=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1717=1

  • SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1717=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1717=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1717=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1717=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1717=1

  • SUSE Linux Enterprise High Performance Computing 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1

  • SUSE Linux Enterprise High Performance Computing 15-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1

  • SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2022-1717=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-1717=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.4noarch< - openSUSE Leap 15.4 (noarch):- openSUSE Leap 15.4 (noarch):.noarch.rpm
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm
Rows per page:
1-10 of 701

Related

nessus 33
openvas 25
suse 8
ubuntucve 5
debiancve 6
prion 6
cve 8
alpinelinux 2
osv 19
cvelist 8
nvd 6
github 5
ibm 25
redhatcve 7
rocky 2
mageia 2
oraclelinux 2
redhat 6
almalinux 3
veracode 7
nodejs 3
githubexploit 2
redos 1
ubuntu 2
hackerone 1
cbl_mariner 2
debian 1
huntr 1
cnvd 1
nessus
nessus
SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2022:1717-1)
2022-05-18 00:00:00
SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2022:0570-1)
2022-02-25 00:00:00
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)
2022-03-05 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1717-1)
2022-05-18 00:00:00
openSUSE: Security Advisory for nodejs10 (SUSE-SU-2022:1717-1)
2022-05-18 00:00:00
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0657-1)
2022-03-03 00:00:00
suse
suse
Security update for nodejs12 (important)
2022-03-02 00:00:00
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
ubuntucve
ubuntucve
CVE-2021-32804
2021-08-03 00:00:00
CVE-2021-44906
2022-03-17 00:00:00
CVE-2021-32803
2021-08-03 00:00:00
debiancve
debiancve
CVE-2021-32804
2021-08-03 19:15:08
CVE-2021-32803
2021-08-03 19:15:08
CVE-2021-44906
2022-03-17 16:15:07
prion
prion
Design/Logic Flaw
2021-08-03 19:15:00
Code injection
2022-03-17 16:15:00
Code injection
2021-05-04 09:15:00
cve
cve
CVE-2021-32804
2021-08-03 19:15:08
CVE-2021-44907
2022-03-17 21:15:07
CVE-2021-23343
2021-05-04 09:15:07
alpinelinux
alpinelinux
CVE-2021-32804
2021-08-03 19:15:08
CVE-2021-32803
2021-08-03 19:15:08
osv
osv
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
2021-08-03 19:06:36
CVE-2021-32804
2021-08-03 19:15:08
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
cvelist
cvelist
CVE-2021-32804 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
2021-08-03 19:10:12
CVE-2021-44907
2022-03-17 20:43:10
CVE-2021-23343 Regular Expression Denial of Service (ReDoS)
2021-05-04 00:00:00
nvd
nvd
CVE-2021-32804
2021-08-03 19:15:08
CVE-2021-44907
2022-03-17 21:15:07
CVE-2021-23343
2021-05-04 09:15:07
github
github
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
2021-08-03 19:06:36
Regular Expression Denial of Service in path-parse
2021-08-10 15:33:47
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
2021-08-03 19:00:40
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
2022-04-27 14:52:48
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
2022-04-20 14:01:14
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2022-05-24 18:37:42
redhatcve
redhatcve
CVE-2021-44907
2022-03-18 13:43:14
CVE-2021-23343
2021-05-04 14:31:14
CVE-2021-32804
2021-08-05 11:20:19
rocky
rocky
nodejs:12 security and bug fix update
2021-09-21 12:33:58
nodejs:14 security and bug fix update
2021-09-27 06:47:35
mageia
mageia
Updated nodejs-tar packages fix security vulnerability
2022-03-21 23:18:30
Updated nodejs-minimist packages fix security vulnerability
2023-02-07 03:06:39
oraclelinux
oraclelinux
nodejs:14 security and bug fix update
2021-09-27 00:00:00
nodejs:12 security and bug fix update
2021-09-22 00:00:00
redhat
redhat
(RHSA-2021:3623) Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
(RHSA-2021:3666) Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
(RHSA-2023:0050) Moderate: nodejs:14 security, bug fix, and enhancement update
2023-01-09 14:24:14
almalinux
almalinux
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
Moderate: nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-03-18 08:39:43
Regular Expression Denial Of Service (ReDoS)
2021-05-05 05:46:25
Privilege Escalation
2021-08-05 05:45:17
nodejs
nodejs
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
2021-08-03 18:14:17
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
2021-08-03 18:11:06
Regular Expression Denial of Service in path-parse
2021-08-10 15:59:47
githubexploit
githubexploit
Exploit for Path Traversal in Tar Project Tar
2021-08-31 04:32:38
Exploit for Prototype Pollution in Substack Minimist
2023-10-02 15:20:35
redos
redos
ROS-20240507-05
2024-05-07 00:00:00
ubuntu
ubuntu
Tar for Node.js vulnerability
2022-02-11 00:00:00
JSON Schema vulnerability
2023-05-24 00:00:00
hackerone
hackerone
Node.js: Prototype pollution via console.table properties
2021-12-20 00:35:48
cbl_mariner
cbl_mariner
CVE-2022-21824 affecting package nodejs 14.18.1-1
2022-03-19 16:40:55
CVE-2022-21824 affecting package nodejs for versions less than 16.14.0-1
2022-04-09 06:52:23
debian
debian
[SECURITY] [DLA 3228-1] node-json-schema security update
2022-12-06 19:15:29
huntr
huntr
Prototype Pollution in kriszyp/json-schema
2021-10-03 13:08:43
cnvd
cnvd
json-schema has an unspecified vulnerability
2021-11-16 00:00:00

0.035 Low

EPSS

Percentile

91.6%

JSON
Related for SUSE-SU-2022:1717-1
nessus33openvas25suse8ubuntucve5debiancve6prion6cve8alpinelinux2osv19cvelist8nvd6github5ibm25redhatcve7rocky2mageia2oraclelinux2redhat6almalinux3veracode7nodejs3githubexploit2redos1ubuntu2hackerone1cbl_mariner2debian1huntr1cnvd1