2 Commits

Author SHA256 Message Date
26e986c7a5
- CVE-2024-27983.patch - Assertion failed in
  node::http2::Http2Session::~Http2Session() leads to
  HTTP/2 server crash - (High) (bsc#1222244, CVE-2024-27983)
- CVE-2024-27982.patch - HTTP Request Smuggling via Content Length
  Obfuscation - (Medium) (bsc#1222384, CVE-2024-27982)
- updated dependencies:
  + llhttp version 6.1.1
- CVE-2024-22025.patch - test timeout adjustment

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs14?expand=0&rev=112
2024-04-12 14:11:00 +00:00
1d51fd3bc7
 * CVE-2023-46809.patch: Node.js is vulnerable to the Marvin Attack
   (timing variant of the Bleichenbacher attack against
   PKCS#1 v1.5 padding) - (Medium) (CVE-2023-46809, bsc#1219997)
 * CVE-2024-22019.patch: http: Reading unprocessed HTTP request with
   unbounded chunk extension allows DoS attacks - (High)
   (CVE-2024-22019, bsc#1219993)
 * CVE-2024-22025.patch: fix Denial of Service by resource exhaustion
   in fetch() brotli decoding (CVE-2024-22025, bsc#1220014)
 * CVE-2024-24806.patch: fix improper domain lookup that
   potentially leads to SSRF attacks (CVE-2024-24806, bsc#1220053)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs14?expand=0&rev=111
2024-02-22 12:05:45 +00:00