Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
patchinfo.22934
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.22934
<patchinfo incident="22934"> <issue tracker="cve" id="2021-32804"/> <issue tracker="cve" id="2021-23343"/> <issue tracker="cve" id="2021-32803"/> <issue tracker="cve" id="2021-3807"/> <issue tracker="cve" id="2021-3918"/> <issue tracker="bnc" id="1191963">VUL-0: CVE-2021-32803: nodejs14,nodejs12,nodejs6,nodejs4,nodejs10,nodejs8: node-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite</issue> <issue tracker="bnc" id="1192154">VUL-0: CVE-2021-3807: nodejs12,nodejs4,nodejs6,nodejs8,nodejs10,nodejs14: node-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes</issue> <issue tracker="bnc" id="1192696">VUL-0: CVE-2021-3918: nodejs14, nodejs10, nodejs12, nodejs8: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')</issue> <issue tracker="bnc" id="1192153">VUL-0: CVE-2021-23343: nodejs4,nodejs8,nodejs6,nodejs10,nodejs14,nodejs12: node-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe</issue> <issue tracker="bnc" id="1191962">VUL-0: CVE-2021-32804: nodejs12,nodejs8,nodejs14,nodejs4,nodejs10,nodejs6: node-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite</issue> <packager>adamm</packager> <rating>important</rating> <category>security</category> <summary>Security update for nodejs14</summary> <description>This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor