SUSE-SU-2024:4300-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20244300-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4300-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:4300-1
- Related
- Published
- 2024-12-12T08:10:13Z
- Modified
- 2025-05-02T04:36:23.770785Z
- Upstream
- Summary
- Security update for nodejs20
- Details
-
This update for nodejs20 fixes the following issues:
- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)
Other fixes: - Updated to 20.18.1: * Experimental Network Inspection Support in Node.js * Exposes X509VFLAGPARTIALCHAIN to tls.createSecureContext * New option for vm.createContext() to create a context with a freezable globalThis * buffer: optimize createFromString - Changes in 20.17.0: * module: support require()ing synchronous ESM graphs * path: add matchesGlob method * stream: expose DuplexPair API - Changes in 20.16.0: * process: add process.getBuiltinModule(id) * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth * buffer: add .bytes() method to Blob
- References
Affected packages
SUSE:Linux Enterprise Module for Web and Scripting 15 SP5 / nodejs20
Package
- Name
- nodejs20
- Purl
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5