{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs12":"12.22.2-1.32.1","nodejs12-devel":"12.22.2-1.32.1","nodejs12-docs":"12.22.2-1.32.1","npm12":"12.22.2-1.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","name":"nodejs12","purl":"pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.22.2-1.32.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs12 fixes the following issues:\n\n- update to 12.22.2:\n- CVE-2021-22918: Out of bounds read (bsc#1187973)\n- CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info (bsc#1187977)\n- CVE-2021-27290: Regular Expression Denial of Service (bsc#1187976)\n- CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851)\n- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852)\n- CVE-2020-7774: npm - Update y18n to fix Prototype-Pollution (bsc#1184450)\n","id":"SUSE-SU-2021:2326-1","modified":"2021-07-14T15:07:58Z","published":"2021-07-14T15:07:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20212326-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183851"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183852"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187973"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187976"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-7774"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23362"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-27290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3449"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3450"}],"related":["CVE-2020-7774","CVE-2021-22918","CVE-2021-23362","CVE-2021-27290","CVE-2021-3449","CVE-2021-3450"],"summary":"Security update for nodejs12","upstream":["CVE-2020-7774","CVE-2021-22918","CVE-2021-23362","CVE-2021-27290","CVE-2021-3449","CVE-2021-3450"]}