VDB

SUSE-SU-2020%3A1568-1

SUSE-SU-2020%3A1568-1 PUBLISHED CVSS 8.800000190734863 HIGH

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-10531: Fixed an integer overflow in UnicodeString:doAppend() (bsc#1166844). - Fixed an issue with openssl by adding getrandom syscall definition for all Linux platforms (bsc#1162117). npm was updated to 6.14.3 - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916).

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
npm10
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise Module for Web and Scripting 15 SP1
nodejs10
SUSE Linux Enterprise Module for Web and Scripting 15 SP2
SUSE Linux Enterprise High Performance Computing 15-LTSS

Timeline

  • Jun 9, 2020 CVE Published
  • May 2, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›