VDB
SUSE-SU-2021%3A2823-1
SUSE-SU-2021%3A2823-1
PUBLISHED
CVSS 9.300000190734863 CRITICAL
This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370).
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise Module for Web and Scripting 12 | nodejs10 | 0, 0 |
Timeline
- Aug 24, 2021 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2021/suse-su-20212823-1/ advisory
- https://bugzilla.suse.com/1188881 report
- https://bugzilla.suse.com/1188917 report
- https://bugzilla.suse.com/1189369 report
- https://bugzilla.suse.com/1189370 report
- https://www.suse.com/security/cve/CVE-2021-22930 url
- https://www.suse.com/security/cve/CVE-2021-22931 url
- https://www.suse.com/security/cve/CVE-2021-22939 url
- https://www.suse.com/security/cve/CVE-2021-3672 url