Vulnerability from csaf_suse
Published
2023-02-15 10:45
Modified
2023-02-15 10:45
Summary
Security update for nodejs18
Notes
Title of the patch
Security update for nodejs18
Description of the patch
This update for nodejs18 fixes the following issues:
This update ships nodejs18 (jsc#PED-2097)
Update to NodejJS 18.13.0 LTS:
* build: disable v8 snapshot compression by default
* crypto: update root certificates
* deps: update ICU to 72.1
* doc:
+ add doc-only deprecation for headers/trailers setters
+ add Rafael to the tsc
+ deprecate use of invalid ports in url.parse
+ deprecate url.parse()
* lib: drop fetch experimental warning
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
* src:
+ add uvwasi version
+ add initial shadow realm support
* test_runner:
+ add t.after() hook
+ don't use a symbol for runHook()
* tls:
+ add 'ca' property to certificate object
* util:
+ add fast path for utf8 encoding
+ improve textdecoder decode performance
+ add MIME utilities
- Fixes compatibility with ICU 72.1 (bsc#1205236)
- Fix migration to openssl-3 (bsc#1205042)
Update to NodeJS 18.12.1 LTS:
* inspector: DNS rebinding in --inspect via invalid octal IP
(bsc#1205119, CVE-2022-43548)
Update to NodeJS 18.12.0 LTS:
* Running in 'watch' mode using node --watch restarts the process
when an imported file is changed.
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* util: add default value option to parsearg
Update to NodeJS 18.11.0:
* added experimental watch mode -- running in 'watch' mode using
node --watch restarts the process when an imported file is changed
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* lib: refactor transferable AbortSignal
* src: add detailed embedder process initialization API
* util: add default value option to parsearg
Update to NodeJS 18.10.0:
* deps: upgrade npm to 8.19.2
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()
Update to Nodejs 18.9.1:
* deps: llhttp updated to 6.0.10
+ CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+ Incorrect Parsing of Multi-line Transfer-Encoding
(CVE-2022-32215, bsc#1201327)
+ Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen
(CVE-2022-35255, bsc#1203831)
Update to Nodejs 18.9.0:
* lib - add diagnostics channel for process and worker
* os - add machine method
* report - expose report public native apis
* src - expose environment RequestInterrupt api
* vm - include vm context in the embedded snapshot
Changes in 18.8.0:
* bootstrap: implement run-time user-land snapshots via
--build-snapshot and --snapshot-blob. See
* crypto:
+ allow zero-length IKM in HKDF and in webcrypto PBKDF2
+ allow zero-length secret KeyObject
* deps: upgrade npm to 8.18.0
* http: make idle http parser count configurable
* net: add local family
* src: print source map error source on demand
* tls: pass a valid socket on tlsClientError
Update to Nodejs 18.7.0:
* events: add CustomEvent
* http: add drop request event for http server
* lib: improved diagnostics_channel subscribe/unsubscribe
* util: add tokens to parseArgs
- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
Update to Nodejs 18.6.0:
* Experimental ESM Loader Hooks API. For details see,
https://nodejs.org/api/esm.html
* dns: export error code constants from dns/promises
* esm: add chaining to loaders
* http: add diagnostics channel for http client
* http: add perf_hooks detail for http request and client
* module: add isBuiltIn method
* net: add drop event for net server
* test_runner: expose describe and it
* v8: add v8.startupSnapshot utils
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
Update to Nodejs 18.5.0:
* http: stricter Transfer-Encoding and header separator parsing
(bsc#1201325, bsc#1201326, bsc#1201327,
CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
* src: fix IPv4 validation in inspector_socket
(bsc#1201328, CVE-2022-32212)
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
Update to Nodejs 18.4.0. For detailed changes see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
Patchnames
SUSE-2023-419,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-419,openSUSE-SLE-15.4-2023-419,openSUSE-SLE-15.5-2023-419
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nodejs18", title: "Title of the patch", }, { category: "description", text: "This update for nodejs18 fixes the following issues:\n\nThis update ships nodejs18 (jsc#PED-2097)\n\nUpdate to NodejJS 18.13.0 LTS:\n\n* build: disable v8 snapshot compression by default\n* crypto: update root certificates\n* deps: update ICU to 72.1\n* doc:\n\n + add doc-only deprecation for headers/trailers setters\n + add Rafael to the tsc\n + deprecate use of invalid ports in url.parse\n + deprecate url.parse()\n\n* lib: drop fetch experimental warning\n* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options\n* src:\n\n + add uvwasi version\n + add initial shadow realm support\n\n* test_runner:\n\n + add t.after() hook\n + don't use a symbol for runHook()\n\n* tls:\n\n + add 'ca' property to certificate object\n\n* util:\n\n + add fast path for utf8 encoding\n + improve textdecoder decode performance\n + add MIME utilities\n\n- Fixes compatibility with ICU 72.1 (bsc#1205236)\n- Fix migration to openssl-3 (bsc#1205042)\n\nUpdate to NodeJS 18.12.1 LTS:\n\n* inspector: DNS rebinding in --inspect via invalid octal IP\n (bsc#1205119, CVE-2022-43548)\n\nUpdate to NodeJS 18.12.0 LTS:\n\n* Running in 'watch' mode using node --watch restarts the process\n when an imported file is changed.\n* fs: add FileHandle.prototype.readLines\n* http: add writeEarlyHints function to ServerResponse\n* http2: make early hints generic\n* util: add default value option to parsearg\n\nUpdate to NodeJS 18.11.0:\n\n* added experimental watch mode -- running in 'watch' mode using\n node --watch restarts the process when an imported file is changed\n* fs: add FileHandle.prototype.readLines\n* http: add writeEarlyHints function to ServerResponse\n* http2: make early hints generic\n* lib: refactor transferable AbortSignal\n* src: add detailed embedder process initialization API\n* util: add default value option to parsearg\n\nUpdate to NodeJS 18.10.0:\n\n* deps: upgrade npm to 8.19.2\n* http: throw error on content-length mismatch\n* stream: add ReadableByteStream.tee()\n\nUpdate to Nodejs 18.9.1:\n\n* deps: llhttp updated to 6.0.10\n\n + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)\n + Incorrect Parsing of Multi-line Transfer-Encoding\n (CVE-2022-32215, bsc#1201327)\n + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)\n\n* crypto: fix weak randomness in WebCrypto keygen\n (CVE-2022-35255, bsc#1203831)\n\nUpdate to Nodejs 18.9.0:\n\n* lib - add diagnostics channel for process and worker\n* os - add machine method\n* report - expose report public native apis\n* src - expose environment RequestInterrupt api\n* vm - include vm context in the embedded snapshot\n\nChanges in 18.8.0:\n\n* bootstrap: implement run-time user-land snapshots via\n --build-snapshot and --snapshot-blob. See\n* crypto:\n + allow zero-length IKM in HKDF and in webcrypto PBKDF2\n + allow zero-length secret KeyObject\n* deps: upgrade npm to 8.18.0\n* http: make idle http parser count configurable\n* net: add local family\n* src: print source map error source on demand\n* tls: pass a valid socket on tlsClientError\n\nUpdate to Nodejs 18.7.0:\n\n* events: add CustomEvent\n* http: add drop request event for http server\n* lib: improved diagnostics_channel subscribe/unsubscribe\n* util: add tokens to parseArgs\n\n- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)\n\nUpdate to Nodejs 18.6.0:\n\n* Experimental ESM Loader Hooks API. For details see,\n https://nodejs.org/api/esm.html\n* dns: export error code constants from dns/promises\n* esm: add chaining to loaders\n* http: add diagnostics channel for http client\n* http: add perf_hooks detail for http request and client\n* module: add isBuiltIn method\n* net: add drop event for net server\n* test_runner: expose describe and it\n* v8: add v8.startupSnapshot utils\n\nFor details, see\nhttps://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0\n\nUpdate to Nodejs 18.5.0:\n\n* http: stricter Transfer-Encoding and header separator parsing\n (bsc#1201325, bsc#1201326, bsc#1201327,\n CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)\n* src: fix IPv4 validation in inspector_socket\n (bsc#1201328, CVE-2022-32212)\n\nFor details, see\nhttps://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0\n\nUpdate to Nodejs 18.4.0. For detailed changes see,\n\nhttps://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0\n\nInitial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see\nhttps://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-419,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-419,openSUSE-SLE-15.4-2023-419,openSUSE-SLE-15.5-2023-419", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0419-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:0419-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20230419-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:0419-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013766.html", }, { category: "self", summary: "SUSE Bug 1200303", url: "https://bugzilla.suse.com/1200303", }, { category: "self", summary: "SUSE Bug 1201325", url: "https://bugzilla.suse.com/1201325", }, { category: "self", summary: "SUSE Bug 1201326", url: "https://bugzilla.suse.com/1201326", }, { category: "self", summary: "SUSE Bug 1201327", url: "https://bugzilla.suse.com/1201327", }, { category: "self", summary: "SUSE Bug 1201328", url: "https://bugzilla.suse.com/1201328", }, { category: "self", summary: "SUSE Bug 1203831", url: "https://bugzilla.suse.com/1203831", }, { category: "self", summary: "SUSE Bug 1203832", url: "https://bugzilla.suse.com/1203832", }, { category: "self", summary: "SUSE Bug 1205042", url: "https://bugzilla.suse.com/1205042", }, { category: "self", summary: "SUSE Bug 1205119", url: "https://bugzilla.suse.com/1205119", }, { category: "self", summary: "SUSE Bug 1205236", url: "https://bugzilla.suse.com/1205236", }, { category: "self", summary: "SUSE CVE CVE-2022-32212 page", url: "https://www.suse.com/security/cve/CVE-2022-32212/", }, { category: "self", summary: "SUSE CVE CVE-2022-32213 page", url: "https://www.suse.com/security/cve/CVE-2022-32213/", }, { category: "self", summary: "SUSE CVE CVE-2022-32214 page", url: "https://www.suse.com/security/cve/CVE-2022-32214/", }, { category: "self", summary: "SUSE CVE CVE-2022-32215 page", url: "https://www.suse.com/security/cve/CVE-2022-32215/", }, { category: "self", summary: "SUSE CVE CVE-2022-35255 page", url: "https://www.suse.com/security/cve/CVE-2022-35255/", }, { category: "self", summary: "SUSE CVE CVE-2022-35256 page", url: "https://www.suse.com/security/cve/CVE-2022-35256/", }, { category: "self", summary: "SUSE CVE CVE-2022-43548 page", url: "https://www.suse.com/security/cve/CVE-2022-43548/", }, ], title: "Security update for nodejs18", tracking: { current_release_date: "2023-02-15T10:45:56Z", generator: { date: "2023-02-15T10:45:56Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:0419-1", initial_release_date: "2023-02-15T10:45:56Z", revision_history: [ { date: "2023-02-15T10:45:56Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack18-18.13.0-150400.9.3.1.aarch64", product: { name: "corepack18-18.13.0-150400.9.3.1.aarch64", product_id: "corepack18-18.13.0-150400.9.3.1.aarch64", }, }, { category: "product_version", name: "nodejs18-18.13.0-150400.9.3.1.aarch64", product: { name: "nodejs18-18.13.0-150400.9.3.1.aarch64", product_id: "nodejs18-18.13.0-150400.9.3.1.aarch64", }, }, { category: "product_version", name: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64", product: { name: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64", product_id: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64", }, }, { category: "product_version", name: "npm18-18.13.0-150400.9.3.1.aarch64", product: { name: "npm18-18.13.0-150400.9.3.1.aarch64", product_id: "npm18-18.13.0-150400.9.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack18-18.13.0-150400.9.3.1.i586", product: { name: "corepack18-18.13.0-150400.9.3.1.i586", product_id: "corepack18-18.13.0-150400.9.3.1.i586", }, }, { category: "product_version", name: "nodejs18-18.13.0-150400.9.3.1.i586", product: { name: "nodejs18-18.13.0-150400.9.3.1.i586", product_id: "nodejs18-18.13.0-150400.9.3.1.i586", }, }, { category: "product_version", name: "nodejs18-devel-18.13.0-150400.9.3.1.i586", product: { name: "nodejs18-devel-18.13.0-150400.9.3.1.i586", product_id: "nodejs18-devel-18.13.0-150400.9.3.1.i586", }, }, { category: "product_version", name: "npm18-18.13.0-150400.9.3.1.i586", product: { name: "npm18-18.13.0-150400.9.3.1.i586", product_id: "npm18-18.13.0-150400.9.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "nodejs18-docs-18.13.0-150400.9.3.1.noarch", product: { name: "nodejs18-docs-18.13.0-150400.9.3.1.noarch", product_id: "nodejs18-docs-18.13.0-150400.9.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "corepack18-18.13.0-150400.9.3.1.ppc64le", product: { name: "corepack18-18.13.0-150400.9.3.1.ppc64le", product_id: "corepack18-18.13.0-150400.9.3.1.ppc64le", }, }, { category: "product_version", name: "nodejs18-18.13.0-150400.9.3.1.ppc64le", product: { name: "nodejs18-18.13.0-150400.9.3.1.ppc64le", product_id: "nodejs18-18.13.0-150400.9.3.1.ppc64le", }, }, { category: "product_version", name: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", product: { name: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", product_id: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", }, }, { category: "product_version", name: "npm18-18.13.0-150400.9.3.1.ppc64le", product: { name: "npm18-18.13.0-150400.9.3.1.ppc64le", product_id: "npm18-18.13.0-150400.9.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack18-18.13.0-150400.9.3.1.s390x", product: { name: "corepack18-18.13.0-150400.9.3.1.s390x", product_id: "corepack18-18.13.0-150400.9.3.1.s390x", }, }, { category: "product_version", name: "nodejs18-18.13.0-150400.9.3.1.s390x", product: { name: "nodejs18-18.13.0-150400.9.3.1.s390x", product_id: "nodejs18-18.13.0-150400.9.3.1.s390x", }, }, { category: "product_version", name: "nodejs18-devel-18.13.0-150400.9.3.1.s390x", product: { name: "nodejs18-devel-18.13.0-150400.9.3.1.s390x", product_id: "nodejs18-devel-18.13.0-150400.9.3.1.s390x", }, }, { category: "product_version", name: "npm18-18.13.0-150400.9.3.1.s390x", product: { name: "npm18-18.13.0-150400.9.3.1.s390x", product_id: "npm18-18.13.0-150400.9.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack18-18.13.0-150400.9.3.1.x86_64", product: { name: "corepack18-18.13.0-150400.9.3.1.x86_64", product_id: "corepack18-18.13.0-150400.9.3.1.x86_64", }, }, { category: "product_version", name: "nodejs18-18.13.0-150400.9.3.1.x86_64", product: { name: "nodejs18-18.13.0-150400.9.3.1.x86_64", product_id: "nodejs18-18.13.0-150400.9.3.1.x86_64", }, }, { category: "product_version", name: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64", product: { name: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64", product_id: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64", }, }, { category: "product_version", name: "npm18-18.13.0-150400.9.3.1.x86_64", product: { name: "npm18-18.13.0-150400.9.3.1.x86_64", product_id: "npm18-18.13.0-150400.9.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:15:sp4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.13.0-150400.9.3.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", }, product_reference: "nodejs18-docs-18.13.0-150400.9.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "npm18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "npm18-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", }, product_reference: "npm18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "npm18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "corepack18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "corepack18-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", }, product_reference: "corepack18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "corepack18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.13.0-150400.9.3.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", }, product_reference: "nodejs18-docs-18.13.0-150400.9.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "npm18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", }, product_reference: "npm18-18.13.0-150400.9.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", }, product_reference: "npm18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "npm18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "corepack18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", }, product_reference: "corepack18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "corepack18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "nodejs18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", }, product_reference: "nodejs18-devel-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.13.0-150400.9.3.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", }, product_reference: "nodejs18-docs-18.13.0-150400.9.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", }, product_reference: "npm18-18.13.0-150400.9.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", }, product_reference: "npm18-18.13.0-150400.9.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.13.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", }, product_reference: "npm18-18.13.0-150400.9.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2022-32212", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32212", }, ], notes: [ { category: "general", text: "A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-32212", url: "https://www.suse.com/security/cve/CVE-2022-32212", }, { category: "external", summary: "SUSE Bug 1201328 for CVE-2022-32212", url: "https://bugzilla.suse.com/1201328", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "important", }, ], title: "CVE-2022-32212", }, { cve: "CVE-2022-32213", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32213", }, ], notes: [ { category: "general", text: "The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-32213", url: "https://www.suse.com/security/cve/CVE-2022-32213", }, { category: "external", summary: "SUSE Bug 1201325 for CVE-2022-32213", url: "https://bugzilla.suse.com/1201325", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "moderate", }, ], title: "CVE-2022-32213", }, { cve: "CVE-2022-32214", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32214", }, ], notes: [ { category: "general", text: "The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-32214", url: "https://www.suse.com/security/cve/CVE-2022-32214", }, { category: "external", summary: "SUSE Bug 1201326 for CVE-2022-32214", url: "https://bugzilla.suse.com/1201326", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "moderate", }, ], title: "CVE-2022-32214", }, { cve: "CVE-2022-32215", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32215", }, ], notes: [ { category: "general", text: "The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-32215", url: "https://www.suse.com/security/cve/CVE-2022-32215", }, { category: "external", summary: "SUSE Bug 1201327 for CVE-2022-32215", url: "https://bugzilla.suse.com/1201327", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "moderate", }, ], title: "CVE-2022-32215", }, { cve: "CVE-2022-35255", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-35255", }, ], notes: [ { category: "general", text: "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-35255", url: "https://www.suse.com/security/cve/CVE-2022-35255", }, { category: "external", summary: "SUSE Bug 1203831 for CVE-2022-35255", url: "https://bugzilla.suse.com/1203831", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "important", }, ], title: "CVE-2022-35255", }, { cve: "CVE-2022-35256", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-35256", }, ], notes: [ { category: "general", text: "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-35256", url: "https://www.suse.com/security/cve/CVE-2022-35256", }, { category: "external", summary: "SUSE Bug 1203832 for CVE-2022-35256", url: "https://bugzilla.suse.com/1203832", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "moderate", }, ], title: "CVE-2022-35256", }, { cve: "CVE-2022-43548", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-43548", }, ], notes: [ { category: "general", text: "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-43548", url: "https://www.suse.com/security/cve/CVE-2022-43548", }, { category: "external", summary: "SUSE Bug 1205119 for CVE-2022-43548", url: "https://bugzilla.suse.com/1205119", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.4:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.ppc64le", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.4:npm18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:corepack18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.13.0-150400.9.3.1.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.13.0-150400.9.3.1.noarch", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.aarch64", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.s390x", "openSUSE Leap 15.5:npm18-18.13.0-150400.9.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-15T10:45:56Z", details: "important", }, ], title: "CVE-2022-43548", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.