Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-30261 (GCVE-0-2024-30261)
Vulnerability from cvelistv5 – Published: 2024-04-04 15:09 – Updated: 2025-11-04 16:11
VLAI
EPSS
Title
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Summary
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/nodejs/undici/security/advisor… | x_refsource_CONFIRM |
| https://github.com/nodejs/undici/commit/2b39440bd… | x_refsource_MISC |
| https://github.com/nodejs/undici/commit/d542b8cd3… | x_refsource_MISC |
| https://hackerone.com/reports/2377760 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:11:56.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672"
},
{
"name": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055"
},
{
"name": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3"
},
{
"name": "https://hackerone.com/reports/2377760",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/2377760"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0008/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nodejs:undici:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "undici",
"vendor": "nodejs",
"versions": [
{
"lessThan": "6.11.1",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.28.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30261",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:04:42.490317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:06:10.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "undici",
"vendor": "nodejs",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.1"
},
{
"status": "affected",
"version": "\u003c 5.28.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T23:06:39.663Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672"
},
{
"name": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055"
},
{
"name": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3"
},
{
"name": "https://hackerone.com/reports/2377760",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2377760"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/"
}
],
"source": {
"advisory": "GHSA-9qxr-qj54-h672",
"discovery": "UNKNOWN"
},
"title": "Undici\u0027s fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30261",
"datePublished": "2024-04-04T15:09:11.369Z",
"dateReserved": "2024-03-26T12:52:00.934Z",
"dateUpdated": "2025-11-04T16:11:56.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-30261",
"date": "2026-06-01",
"epss": "0.0006",
"percentile": "0.18855"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"5.28.4\", \"matchCriteriaId\": \"27A8308B-0EB3-454E-A010-12138A99119D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.11.1\", \"matchCriteriaId\": \"89E57BC8-475F-4BE0-8BB4-285512F8D177\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\"}, {\"lang\": \"es\", \"value\": \"Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Un atacante puede alterar la opci\\u00f3n `integridad` pasada a `fetch()`, permitiendo que `fetch()` acepte solicitudes como v\\u00e1lidas incluso si han sido manipuladas. Esta vulnerabilidad fue parcheada en las versiones 5.28.4 y 6.11.1.\"}]",
"id": "CVE-2024-30261",
"lastModified": "2024-12-18T19:21:11.997",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 2.6, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 1.4}]}",
"published": "2024-04-04T15:15:39.460",
"references": "[{\"url\": \"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/2377760\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/2377760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-30261\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-04T15:15:39.460\",\"lastModified\":\"2025-11-04T17:15:50.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\"},{\"lang\":\"es\",\"value\":\"Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Un atacante puede alterar la opci\u00f3n `integridad` pasada a `fetch()`, permitiendo que `fetch()` acepte solicitudes como v\u00e1lidas incluso si han sido manipuladas. Esta vulnerabilidad fue parcheada en las versiones 5.28.4 y 6.11.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":2.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.28.4\",\"matchCriteriaId\":\"27A8308B-0EB3-454E-A010-12138A99119D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.11.1\",\"matchCriteriaId\":\"89E57BC8-475F-4BE0-8BB4-285512F8D177\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2377760\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2377760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240905-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\", \"name\": \"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\", \"name\": \"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://hackerone.com/reports/2377760\", \"name\": \"https://hackerone.com/reports/2377760\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:32:06.665Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30261\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-04T15:04:42.490317Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:*:*:*\"], \"vendor\": \"nodejs\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.11.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.28.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T15:06:05.518Z\"}}], \"cna\": {\"title\": \"Undici\u0027s fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect\", \"source\": {\"advisory\": \"GHSA-9qxr-qj54-h672\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.11.1\"}, {\"status\": \"affected\", \"version\": \"\u003c 5.28.4\"}]}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\", \"name\": \"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\", \"name\": \"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/2377760\", \"name\": \"https://hackerone.com/reports/2377760\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-04-04T15:09:11.369Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-30261\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-04T15:06:10.584Z\", \"dateReserved\": \"2024-03-26T12:52:00.934Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-04T15:09:11.369Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:1931
Vulnerability from csaf_redhat - Published: 2025-02-27 16:14 - Updated: 2026-03-20 17:32Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.
Severity
Moderate
Notes
Topic: Red Hat Developer Hub 1.4.2 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.
CWE-284 - Improper Access ControlAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.
6.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64 | — |
Threats
Impact
Moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.4.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1931",
"url": "https://access.redhat.com/errata/RHSA-2025:1931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-30261",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.",
"tracking": {
"current_release_date": "2026-03-20T17:32:34+00:00",
"generator": {
"date": "2026-03-20T17:32:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:1931",
"initial_release_date": "2025-02-27T16:14:24+00:00",
"revision_history": [
{
"date": "2025-02-27T16:14:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-05T14:04:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-20T17:32:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product": {
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub (RHDH)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30261",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "RHBZ#2273519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-27T16:14:24+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-27T16:14:24+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
}
]
}
SUSE-SU-2024:1301-1
Vulnerability from csaf_suse - Published: 2024-04-16 01:33 - Updated: 2024-04-16 01:33Summary
Security update for nodejs20
Severity
Important
Notes
Title of the patch: Security update for nodejs20
Description of the patch: This update for nodejs20 fixes the following issues:
Update to 20.12.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Patchnames: SUSE-2024-1301,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1301,openSUSE-SLE-15.5-2024-1301
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.8 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs20",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs20 fixes the following issues:\n\nUpdate to 20.12.1\n\nSecurity fixes:\n\n - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)\n - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) \n - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1301,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1301,openSUSE-SLE-15.5-2024-1301",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1301-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1301-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1301-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034986.html"
},
{
"category": "self",
"summary": "SUSE Bug 1220053",
"url": "https://bugzilla.suse.com/1220053"
},
{
"category": "self",
"summary": "SUSE Bug 1222244",
"url": "https://bugzilla.suse.com/1222244"
},
{
"category": "self",
"summary": "SUSE Bug 1222384",
"url": "https://bugzilla.suse.com/1222384"
},
{
"category": "self",
"summary": "SUSE Bug 1222530",
"url": "https://bugzilla.suse.com/1222530"
},
{
"category": "self",
"summary": "SUSE Bug 1222603",
"url": "https://bugzilla.suse.com/1222603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27983 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30260 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30261/"
}
],
"title": "Security update for nodejs20",
"tracking": {
"current_release_date": "2024-04-16T01:33:32Z",
"generator": {
"date": "2024-04-16T01:33:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1301-1",
"initial_release_date": "2024-04-16T01:33:32Z",
"revision_history": [
{
"date": "2024-04-16T01:33:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.12.1-150500.11.9.2.aarch64",
"product": {
"name": "corepack20-20.12.1-150500.11.9.2.aarch64",
"product_id": "corepack20-20.12.1-150500.11.9.2.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.12.1-150500.11.9.2.aarch64",
"product": {
"name": "nodejs20-20.12.1-150500.11.9.2.aarch64",
"product_id": "nodejs20-20.12.1-150500.11.9.2.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"product": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"product_id": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64"
}
},
{
"category": "product_version",
"name": "npm20-20.12.1-150500.11.9.2.aarch64",
"product": {
"name": "npm20-20.12.1-150500.11.9.2.aarch64",
"product_id": "npm20-20.12.1-150500.11.9.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.12.1-150500.11.9.2.i586",
"product": {
"name": "corepack20-20.12.1-150500.11.9.2.i586",
"product_id": "corepack20-20.12.1-150500.11.9.2.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-20.12.1-150500.11.9.2.i586",
"product": {
"name": "nodejs20-20.12.1-150500.11.9.2.i586",
"product_id": "nodejs20-20.12.1-150500.11.9.2.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.12.1-150500.11.9.2.i586",
"product": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.i586",
"product_id": "nodejs20-devel-20.12.1-150500.11.9.2.i586"
}
},
{
"category": "product_version",
"name": "npm20-20.12.1-150500.11.9.2.i586",
"product": {
"name": "npm20-20.12.1-150500.11.9.2.i586",
"product_id": "npm20-20.12.1-150500.11.9.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"product": {
"name": "nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"product_id": "nodejs20-docs-20.12.1-150500.11.9.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.12.1-150500.11.9.2.ppc64le",
"product": {
"name": "corepack20-20.12.1-150500.11.9.2.ppc64le",
"product_id": "corepack20-20.12.1-150500.11.9.2.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-20.12.1-150500.11.9.2.ppc64le",
"product": {
"name": "nodejs20-20.12.1-150500.11.9.2.ppc64le",
"product_id": "nodejs20-20.12.1-150500.11.9.2.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"product": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"product_id": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le"
}
},
{
"category": "product_version",
"name": "npm20-20.12.1-150500.11.9.2.ppc64le",
"product": {
"name": "npm20-20.12.1-150500.11.9.2.ppc64le",
"product_id": "npm20-20.12.1-150500.11.9.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.12.1-150500.11.9.2.s390x",
"product": {
"name": "corepack20-20.12.1-150500.11.9.2.s390x",
"product_id": "corepack20-20.12.1-150500.11.9.2.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-20.12.1-150500.11.9.2.s390x",
"product": {
"name": "nodejs20-20.12.1-150500.11.9.2.s390x",
"product_id": "nodejs20-20.12.1-150500.11.9.2.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"product": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"product_id": "nodejs20-devel-20.12.1-150500.11.9.2.s390x"
}
},
{
"category": "product_version",
"name": "npm20-20.12.1-150500.11.9.2.s390x",
"product": {
"name": "npm20-20.12.1-150500.11.9.2.s390x",
"product_id": "npm20-20.12.1-150500.11.9.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.12.1-150500.11.9.2.x86_64",
"product": {
"name": "corepack20-20.12.1-150500.11.9.2.x86_64",
"product_id": "corepack20-20.12.1-150500.11.9.2.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.12.1-150500.11.9.2.x86_64",
"product": {
"name": "nodejs20-20.12.1-150500.11.9.2.x86_64",
"product_id": "nodejs20-20.12.1-150500.11.9.2.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"product": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"product_id": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64"
}
},
{
"category": "product_version",
"name": "npm20-20.12.1-150500.11.9.2.x86_64",
"product": {
"name": "npm20-20.12.1-150500.11.9.2.x86_64",
"product_id": "npm20-20.12.1-150500.11.9.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.12.1-150500.11.9.2.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch"
},
"product_reference": "nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "corepack20-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "corepack20-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "corepack20-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "corepack20-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "nodejs20-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.12.1-150500.11.9.2.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch"
},
"product_reference": "nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
},
"product_reference": "npm20-20.12.1-150500.11.9.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24806"
}
],
"notes": [
{
"category": "general",
"text": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24806",
"url": "https://www.suse.com/security/cve/CVE-2024-24806"
},
{
"category": "external",
"summary": "SUSE Bug 1219724 for CVE-2024-24806",
"url": "https://bugzilla.suse.com/1219724"
},
{
"category": "external",
"summary": "SUSE Bug 1220056 for CVE-2024-24806",
"url": "https://bugzilla.suse.com/1220056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T01:33:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-24806"
},
{
"cve": "CVE-2024-27982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27982"
}
],
"notes": [
{
"category": "general",
"text": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27982",
"url": "https://www.suse.com/security/cve/CVE-2024-27982"
},
{
"category": "external",
"summary": "SUSE Bug 1222384 for CVE-2024-27982",
"url": "https://bugzilla.suse.com/1222384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T01:33:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-27982"
},
{
"cve": "CVE-2024-27983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27983"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27983",
"url": "https://www.suse.com/security/cve/CVE-2024-27983"
},
{
"category": "external",
"summary": "SUSE Bug 1222244 for CVE-2024-27983",
"url": "https://bugzilla.suse.com/1222244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T01:33:32Z",
"details": "important"
}
],
"title": "CVE-2024-27983"
},
{
"cve": "CVE-2024-30260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30260"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30260",
"url": "https://www.suse.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "SUSE Bug 1222530 for CVE-2024-30260",
"url": "https://bugzilla.suse.com/1222530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T01:33:32Z",
"details": "low"
}
],
"title": "CVE-2024-30260"
},
{
"cve": "CVE-2024-30261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30261"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30261",
"url": "https://www.suse.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "SUSE Bug 1222603 for CVE-2024-30261",
"url": "https://bugzilla.suse.com/1222603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64",
"openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x",
"openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T01:33:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-30261"
}
]
}
SUSE-SU-2024:1307-1
Vulnerability from csaf_suse - Published: 2024-04-16 09:32 - Updated: 2024-04-16 09:32Summary
Security update for nodejs18
Severity
Important
Notes
Title of the patch: Security update for nodejs18
Description of the patch: This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Patchnames: SUSE-2024-1307,SUSE-SLE-Module-Web-Scripting-12-2024-1307
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.8 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs18",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.1\n\nSecurity fixes:\n - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)\n - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) \n - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1307,SUSE-SLE-Module-Web-Scripting-12-2024-1307",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1307-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1307-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1307-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034991.html"
},
{
"category": "self",
"summary": "SUSE Bug 1220053",
"url": "https://bugzilla.suse.com/1220053"
},
{
"category": "self",
"summary": "SUSE Bug 1222244",
"url": "https://bugzilla.suse.com/1222244"
},
{
"category": "self",
"summary": "SUSE Bug 1222384",
"url": "https://bugzilla.suse.com/1222384"
},
{
"category": "self",
"summary": "SUSE Bug 1222530",
"url": "https://bugzilla.suse.com/1222530"
},
{
"category": "self",
"summary": "SUSE Bug 1222603",
"url": "https://bugzilla.suse.com/1222603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27983 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30260 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30261/"
}
],
"title": "Security update for nodejs18",
"tracking": {
"current_release_date": "2024-04-16T09:32:01Z",
"generator": {
"date": "2024-04-16T09:32:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1307-1",
"initial_release_date": "2024-04-16T09:32:01Z",
"revision_history": [
{
"date": "2024-04-16T09:32:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-8.21.1.aarch64",
"product": {
"name": "corepack18-18.20.1-8.21.1.aarch64",
"product_id": "corepack18-18.20.1-8.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-8.21.1.aarch64",
"product": {
"name": "nodejs18-18.20.1-8.21.1.aarch64",
"product_id": "nodejs18-18.20.1-8.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-8.21.1.aarch64",
"product": {
"name": "nodejs18-devel-18.20.1-8.21.1.aarch64",
"product_id": "nodejs18-devel-18.20.1-8.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-8.21.1.aarch64",
"product": {
"name": "npm18-18.20.1-8.21.1.aarch64",
"product_id": "npm18-18.20.1-8.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-8.21.1.i586",
"product": {
"name": "corepack18-18.20.1-8.21.1.i586",
"product_id": "corepack18-18.20.1-8.21.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-8.21.1.i586",
"product": {
"name": "nodejs18-18.20.1-8.21.1.i586",
"product_id": "nodejs18-18.20.1-8.21.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-8.21.1.i586",
"product": {
"name": "nodejs18-devel-18.20.1-8.21.1.i586",
"product_id": "nodejs18-devel-18.20.1-8.21.1.i586"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-8.21.1.i586",
"product": {
"name": "npm18-18.20.1-8.21.1.i586",
"product_id": "npm18-18.20.1-8.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs18-docs-18.20.1-8.21.1.noarch",
"product": {
"name": "nodejs18-docs-18.20.1-8.21.1.noarch",
"product_id": "nodejs18-docs-18.20.1-8.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-8.21.1.ppc64le",
"product": {
"name": "corepack18-18.20.1-8.21.1.ppc64le",
"product_id": "corepack18-18.20.1-8.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-8.21.1.ppc64le",
"product": {
"name": "nodejs18-18.20.1-8.21.1.ppc64le",
"product_id": "nodejs18-18.20.1-8.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-8.21.1.ppc64le",
"product": {
"name": "nodejs18-devel-18.20.1-8.21.1.ppc64le",
"product_id": "nodejs18-devel-18.20.1-8.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-8.21.1.ppc64le",
"product": {
"name": "npm18-18.20.1-8.21.1.ppc64le",
"product_id": "npm18-18.20.1-8.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-8.21.1.s390x",
"product": {
"name": "corepack18-18.20.1-8.21.1.s390x",
"product_id": "corepack18-18.20.1-8.21.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-8.21.1.s390x",
"product": {
"name": "nodejs18-18.20.1-8.21.1.s390x",
"product_id": "nodejs18-18.20.1-8.21.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-8.21.1.s390x",
"product": {
"name": "nodejs18-devel-18.20.1-8.21.1.s390x",
"product_id": "nodejs18-devel-18.20.1-8.21.1.s390x"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-8.21.1.s390x",
"product": {
"name": "npm18-18.20.1-8.21.1.s390x",
"product_id": "npm18-18.20.1-8.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-8.21.1.x86_64",
"product": {
"name": "corepack18-18.20.1-8.21.1.x86_64",
"product_id": "corepack18-18.20.1-8.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-8.21.1.x86_64",
"product": {
"name": "nodejs18-18.20.1-8.21.1.x86_64",
"product_id": "nodejs18-18.20.1-8.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-8.21.1.x86_64",
"product": {
"name": "nodejs18-devel-18.20.1-8.21.1.x86_64",
"product_id": "nodejs18-devel-18.20.1-8.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-8.21.1.x86_64",
"product": {
"name": "npm18-18.20.1-8.21.1.x86_64",
"product_id": "npm18-18.20.1-8.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-8.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64"
},
"product_reference": "nodejs18-18.20.1-8.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-8.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le"
},
"product_reference": "nodejs18-18.20.1-8.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-8.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x"
},
"product_reference": "nodejs18-18.20.1-8.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-8.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64"
},
"product_reference": "nodejs18-18.20.1-8.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-8.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.1-8.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-8.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.1-8.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-8.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x"
},
"product_reference": "nodejs18-devel-18.20.1-8.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-8.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-8.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-8.21.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-8.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-8.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64"
},
"product_reference": "npm18-18.20.1-8.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-8.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le"
},
"product_reference": "npm18-18.20.1-8.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-8.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x"
},
"product_reference": "npm18-18.20.1-8.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-8.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
},
"product_reference": "npm18-18.20.1-8.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24806"
}
],
"notes": [
{
"category": "general",
"text": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24806",
"url": "https://www.suse.com/security/cve/CVE-2024-24806"
},
{
"category": "external",
"summary": "SUSE Bug 1219724 for CVE-2024-24806",
"url": "https://bugzilla.suse.com/1219724"
},
{
"category": "external",
"summary": "SUSE Bug 1220056 for CVE-2024-24806",
"url": "https://bugzilla.suse.com/1220056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2024-24806"
},
{
"cve": "CVE-2024-27982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27982"
}
],
"notes": [
{
"category": "general",
"text": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27982",
"url": "https://www.suse.com/security/cve/CVE-2024-27982"
},
{
"category": "external",
"summary": "SUSE Bug 1222384 for CVE-2024-27982",
"url": "https://bugzilla.suse.com/1222384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2024-27982"
},
{
"cve": "CVE-2024-27983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27983"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27983",
"url": "https://www.suse.com/security/cve/CVE-2024-27983"
},
{
"category": "external",
"summary": "SUSE Bug 1222244 for CVE-2024-27983",
"url": "https://bugzilla.suse.com/1222244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:01Z",
"details": "important"
}
],
"title": "CVE-2024-27983"
},
{
"cve": "CVE-2024-30260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30260"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30260",
"url": "https://www.suse.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "SUSE Bug 1222530 for CVE-2024-30260",
"url": "https://bugzilla.suse.com/1222530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:01Z",
"details": "low"
}
],
"title": "CVE-2024-30260"
},
{
"cve": "CVE-2024-30261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30261"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30261",
"url": "https://www.suse.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "SUSE Bug 1222603 for CVE-2024-30261",
"url": "https://bugzilla.suse.com/1222603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2024-30261"
}
]
}
SUSE-SU-2024:1309-1
Vulnerability from csaf_suse - Published: 2024-04-16 09:32 - Updated: 2024-04-16 09:32Summary
Security update for nodejs18
Severity
Important
Notes
Title of the patch: Security update for nodejs18
Description of the patch: This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Patchnames: SUSE-2024-1309,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1309,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1309,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1309,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1309,openSUSE-SLE-15.5-2024-1309
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.8 (Medium)
Affected products
Recommended
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs18",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.1\n\nSecurity fixes:\n\n - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)\n - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) \n - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1309,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1309,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1309,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1309,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1309,openSUSE-SLE-15.5-2024-1309",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1309-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1309-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241309-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1309-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034989.html"
},
{
"category": "self",
"summary": "SUSE Bug 1220053",
"url": "https://bugzilla.suse.com/1220053"
},
{
"category": "self",
"summary": "SUSE Bug 1222244",
"url": "https://bugzilla.suse.com/1222244"
},
{
"category": "self",
"summary": "SUSE Bug 1222384",
"url": "https://bugzilla.suse.com/1222384"
},
{
"category": "self",
"summary": "SUSE Bug 1222530",
"url": "https://bugzilla.suse.com/1222530"
},
{
"category": "self",
"summary": "SUSE Bug 1222603",
"url": "https://bugzilla.suse.com/1222603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27983 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30260 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30261/"
}
],
"title": "Security update for nodejs18",
"tracking": {
"current_release_date": "2024-04-16T09:32:58Z",
"generator": {
"date": "2024-04-16T09:32:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1309-1",
"initial_release_date": "2024-04-16T09:32:58Z",
"revision_history": [
{
"date": "2024-04-16T09:32:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-150400.9.21.3.aarch64",
"product": {
"name": "corepack18-18.20.1-150400.9.21.3.aarch64",
"product_id": "corepack18-18.20.1-150400.9.21.3.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"product": {
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"product_id": "nodejs18-18.20.1-150400.9.21.3.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"product": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"product_id": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-150400.9.21.3.aarch64",
"product": {
"name": "npm18-18.20.1-150400.9.21.3.aarch64",
"product_id": "npm18-18.20.1-150400.9.21.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-150400.9.21.3.i586",
"product": {
"name": "corepack18-18.20.1-150400.9.21.3.i586",
"product_id": "corepack18-18.20.1-150400.9.21.3.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-150400.9.21.3.i586",
"product": {
"name": "nodejs18-18.20.1-150400.9.21.3.i586",
"product_id": "nodejs18-18.20.1-150400.9.21.3.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-150400.9.21.3.i586",
"product": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.i586",
"product_id": "nodejs18-devel-18.20.1-150400.9.21.3.i586"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-150400.9.21.3.i586",
"product": {
"name": "npm18-18.20.1-150400.9.21.3.i586",
"product_id": "npm18-18.20.1-150400.9.21.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"product": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"product_id": "nodejs18-docs-18.20.1-150400.9.21.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-150400.9.21.3.ppc64le",
"product": {
"name": "corepack18-18.20.1-150400.9.21.3.ppc64le",
"product_id": "corepack18-18.20.1-150400.9.21.3.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"product": {
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"product_id": "nodejs18-18.20.1-150400.9.21.3.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"product": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"product_id": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-150400.9.21.3.ppc64le",
"product": {
"name": "npm18-18.20.1-150400.9.21.3.ppc64le",
"product_id": "npm18-18.20.1-150400.9.21.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-150400.9.21.3.s390x",
"product": {
"name": "corepack18-18.20.1-150400.9.21.3.s390x",
"product_id": "corepack18-18.20.1-150400.9.21.3.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-150400.9.21.3.s390x",
"product": {
"name": "nodejs18-18.20.1-150400.9.21.3.s390x",
"product_id": "nodejs18-18.20.1-150400.9.21.3.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"product": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"product_id": "nodejs18-devel-18.20.1-150400.9.21.3.s390x"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-150400.9.21.3.s390x",
"product": {
"name": "npm18-18.20.1-150400.9.21.3.s390x",
"product_id": "npm18-18.20.1-150400.9.21.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.1-150400.9.21.3.x86_64",
"product": {
"name": "corepack18-18.20.1-150400.9.21.3.x86_64",
"product_id": "corepack18-18.20.1-150400.9.21.3.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"product": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"product_id": "nodejs18-18.20.1-150400.9.21.3.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"product": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"product_id": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.1-150400.9.21.3.x86_64",
"product": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64",
"product_id": "npm18-18.20.1-150400.9.21.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack18-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "corepack18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack18-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "corepack18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack18-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "corepack18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack18-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "corepack18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch"
},
"product_reference": "nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
},
"product_reference": "npm18-18.20.1-150400.9.21.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24806"
}
],
"notes": [
{
"category": "general",
"text": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24806",
"url": "https://www.suse.com/security/cve/CVE-2024-24806"
},
{
"category": "external",
"summary": "SUSE Bug 1219724 for CVE-2024-24806",
"url": "https://bugzilla.suse.com/1219724"
},
{
"category": "external",
"summary": "SUSE Bug 1220056 for CVE-2024-24806",
"url": "https://bugzilla.suse.com/1220056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:58Z",
"details": "moderate"
}
],
"title": "CVE-2024-24806"
},
{
"cve": "CVE-2024-27982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27982"
}
],
"notes": [
{
"category": "general",
"text": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27982",
"url": "https://www.suse.com/security/cve/CVE-2024-27982"
},
{
"category": "external",
"summary": "SUSE Bug 1222384 for CVE-2024-27982",
"url": "https://bugzilla.suse.com/1222384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:58Z",
"details": "moderate"
}
],
"title": "CVE-2024-27982"
},
{
"cve": "CVE-2024-27983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27983"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27983",
"url": "https://www.suse.com/security/cve/CVE-2024-27983"
},
{
"category": "external",
"summary": "SUSE Bug 1222244 for CVE-2024-27983",
"url": "https://bugzilla.suse.com/1222244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:58Z",
"details": "important"
}
],
"title": "CVE-2024-27983"
},
{
"cve": "CVE-2024-30260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30260"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30260",
"url": "https://www.suse.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "SUSE Bug 1222530 for CVE-2024-30260",
"url": "https://bugzilla.suse.com/1222530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:58Z",
"details": "low"
}
],
"title": "CVE-2024-30260"
},
{
"cve": "CVE-2024-30261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30261"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30261",
"url": "https://www.suse.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "SUSE Bug 1222603 for CVE-2024-30261",
"url": "https://bugzilla.suse.com/1222603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x",
"SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64",
"openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x",
"openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T09:32:58Z",
"details": "moderate"
}
],
"title": "CVE-2024-30261"
}
]
}
SUSE-SU-2024:1836-1
Vulnerability from csaf_suse - Published: 2024-05-29 12:10 - Updated: 2024-05-29 12:10Summary
Security update for nodejs16
Severity
Low
Notes
Title of the patch: Security update for nodejs16
Description of the patch: This update for nodejs16 fixes the following issues:
- CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (bsc#1222530)
- CVE-2024-30261: undici: Ensure that integrity cannot be tampered with (bsc#1222603)
Patchnames: SUSE-2024-1836,SUSE-SLE-Module-Web-Scripting-12-2024-1836
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs16 fixes the following issues:\n\n- CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (bsc#1222530)\n- CVE-2024-30261: undici: Ensure that integrity cannot be tampered with (bsc#1222603)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1836,SUSE-SLE-Module-Web-Scripting-12-2024-1836",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1836-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1836-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241836-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1836-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018620.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222530",
"url": "https://bugzilla.suse.com/1222530"
},
{
"category": "self",
"summary": "SUSE Bug 1222603",
"url": "https://bugzilla.suse.com/1222603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30260 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-30261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-30261/"
}
],
"title": "Security update for nodejs16",
"tracking": {
"current_release_date": "2024-05-29T12:10:53Z",
"generator": {
"date": "2024-05-29T12:10:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1836-1",
"initial_release_date": "2024-05-29T12:10:53Z",
"revision_history": [
{
"date": "2024-05-29T12:10:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack16-16.20.2-8.45.1.aarch64",
"product": {
"name": "corepack16-16.20.2-8.45.1.aarch64",
"product_id": "corepack16-16.20.2-8.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs16-16.20.2-8.45.1.aarch64",
"product": {
"name": "nodejs16-16.20.2-8.45.1.aarch64",
"product_id": "nodejs16-16.20.2-8.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs16-devel-16.20.2-8.45.1.aarch64",
"product": {
"name": "nodejs16-devel-16.20.2-8.45.1.aarch64",
"product_id": "nodejs16-devel-16.20.2-8.45.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm16-16.20.2-8.45.1.aarch64",
"product": {
"name": "npm16-16.20.2-8.45.1.aarch64",
"product_id": "npm16-16.20.2-8.45.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack16-16.20.2-8.45.1.i586",
"product": {
"name": "corepack16-16.20.2-8.45.1.i586",
"product_id": "corepack16-16.20.2-8.45.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs16-16.20.2-8.45.1.i586",
"product": {
"name": "nodejs16-16.20.2-8.45.1.i586",
"product_id": "nodejs16-16.20.2-8.45.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs16-devel-16.20.2-8.45.1.i586",
"product": {
"name": "nodejs16-devel-16.20.2-8.45.1.i586",
"product_id": "nodejs16-devel-16.20.2-8.45.1.i586"
}
},
{
"category": "product_version",
"name": "npm16-16.20.2-8.45.1.i586",
"product": {
"name": "npm16-16.20.2-8.45.1.i586",
"product_id": "npm16-16.20.2-8.45.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs16-docs-16.20.2-8.45.1.noarch",
"product": {
"name": "nodejs16-docs-16.20.2-8.45.1.noarch",
"product_id": "nodejs16-docs-16.20.2-8.45.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack16-16.20.2-8.45.1.ppc64le",
"product": {
"name": "corepack16-16.20.2-8.45.1.ppc64le",
"product_id": "corepack16-16.20.2-8.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs16-16.20.2-8.45.1.ppc64le",
"product": {
"name": "nodejs16-16.20.2-8.45.1.ppc64le",
"product_id": "nodejs16-16.20.2-8.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs16-devel-16.20.2-8.45.1.ppc64le",
"product": {
"name": "nodejs16-devel-16.20.2-8.45.1.ppc64le",
"product_id": "nodejs16-devel-16.20.2-8.45.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm16-16.20.2-8.45.1.ppc64le",
"product": {
"name": "npm16-16.20.2-8.45.1.ppc64le",
"product_id": "npm16-16.20.2-8.45.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack16-16.20.2-8.45.1.s390x",
"product": {
"name": "corepack16-16.20.2-8.45.1.s390x",
"product_id": "corepack16-16.20.2-8.45.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs16-16.20.2-8.45.1.s390x",
"product": {
"name": "nodejs16-16.20.2-8.45.1.s390x",
"product_id": "nodejs16-16.20.2-8.45.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs16-devel-16.20.2-8.45.1.s390x",
"product": {
"name": "nodejs16-devel-16.20.2-8.45.1.s390x",
"product_id": "nodejs16-devel-16.20.2-8.45.1.s390x"
}
},
{
"category": "product_version",
"name": "npm16-16.20.2-8.45.1.s390x",
"product": {
"name": "npm16-16.20.2-8.45.1.s390x",
"product_id": "npm16-16.20.2-8.45.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack16-16.20.2-8.45.1.x86_64",
"product": {
"name": "corepack16-16.20.2-8.45.1.x86_64",
"product_id": "corepack16-16.20.2-8.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs16-16.20.2-8.45.1.x86_64",
"product": {
"name": "nodejs16-16.20.2-8.45.1.x86_64",
"product_id": "nodejs16-16.20.2-8.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs16-devel-16.20.2-8.45.1.x86_64",
"product": {
"name": "nodejs16-devel-16.20.2-8.45.1.x86_64",
"product_id": "nodejs16-devel-16.20.2-8.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm16-16.20.2-8.45.1.x86_64",
"product": {
"name": "npm16-16.20.2-8.45.1.x86_64",
"product_id": "npm16-16.20.2-8.45.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-16.20.2-8.45.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64"
},
"product_reference": "nodejs16-16.20.2-8.45.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-16.20.2-8.45.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le"
},
"product_reference": "nodejs16-16.20.2-8.45.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-16.20.2-8.45.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x"
},
"product_reference": "nodejs16-16.20.2-8.45.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-16.20.2-8.45.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64"
},
"product_reference": "nodejs16-16.20.2-8.45.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-devel-16.20.2-8.45.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64"
},
"product_reference": "nodejs16-devel-16.20.2-8.45.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-devel-16.20.2-8.45.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le"
},
"product_reference": "nodejs16-devel-16.20.2-8.45.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-devel-16.20.2-8.45.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x"
},
"product_reference": "nodejs16-devel-16.20.2-8.45.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-devel-16.20.2-8.45.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64"
},
"product_reference": "nodejs16-devel-16.20.2-8.45.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs16-docs-16.20.2-8.45.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch"
},
"product_reference": "nodejs16-docs-16.20.2-8.45.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm16-16.20.2-8.45.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64"
},
"product_reference": "npm16-16.20.2-8.45.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm16-16.20.2-8.45.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le"
},
"product_reference": "npm16-16.20.2-8.45.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm16-16.20.2-8.45.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x"
},
"product_reference": "npm16-16.20.2-8.45.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm16-16.20.2-8.45.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
},
"product_reference": "npm16-16.20.2-8.45.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30260"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30260",
"url": "https://www.suse.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "SUSE Bug 1222530 for CVE-2024-30260",
"url": "https://bugzilla.suse.com/1222530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-29T12:10:53Z",
"details": "low"
}
],
"title": "CVE-2024-30260"
},
{
"cve": "CVE-2024-30261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-30261"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-30261",
"url": "https://www.suse.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "SUSE Bug 1222603 for CVE-2024-30261",
"url": "https://bugzilla.suse.com/1222603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-29T12:10:53Z",
"details": "moderate"
}
],
"title": "CVE-2024-30261"
}
]
}
WID-SEC-W-2024-0956
Vulnerability from csaf_certbund - Published: 2024-04-23 22:00 - Updated: 2024-05-12 22:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0956 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0956 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-23",
"url": "https://www.ibm.com/support/pages/node/7149177"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-23",
"url": "https://www.ibm.com/support/pages/node/7149179"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7150843 vom 2024-05-10",
"url": "https://www.ibm.com/support/pages/node/7150843"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:08:07.080+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0956",
"initial_release_date": "2024-04-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.5.0",
"product": {
"name": "IBM App Connect Enterprise \u003c11.5.0",
"product_id": "T034375"
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.17 LTS",
"product": {
"name": "IBM App Connect Enterprise \u003c5.0.17 LTS",
"product_id": "T034376"
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29041",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032495"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-29041"
},
{
"cve": "CVE-2024-30260",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032495"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-30260"
},
{
"cve": "CVE-2024-30261",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032495"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-30261"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…