SUSE-SU-2024:4272-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2024/suse-su-20244272-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4272-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2024:4272-1

Related

CVE-2024-21538

Published

2024-12-10T09:12:04Z

Modified

2025-05-02T04:36:23.648160Z

Upstream

CVE-2024-21538

Summary

Security update for nodejs18

Details

This update for nodejs18 fixes the following issues:

CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)
Update to 18.20.5
- esm: mark import attributes and JSON module as stable
- deps:
  - upgrade npm to 10.8.2
  - update simdutf to 5.6.0
  - update brotli to 1.1.0
  - update ada to 2.8.0
  - update acorn to 8.13.0
  - update acorn-walk to 8.3.4
  - update c-ares to 1.29.0

References

Affected packages

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / nodejs18

Package

Name: nodejs18
Purl: pkg:rpm/suse/nodejs18&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.20.5-8.30.1

Ecosystem specific

{
    "binaries": [
        {
            "nodejs18": "18.20.5-8.30.1",
            "npm18": "18.20.5-8.30.1",
            "nodejs18-devel": "18.20.5-8.30.1",
            "nodejs18-docs": "18.20.5-8.30.1"
        }
    ]
}