Bugs fixes in "nodejs"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2023-0401 | openssl: NULL dereference during PKCS7 data verification | 2024-01-03 |
| CVE | CVE-2023-0215 | openssl: Use-after-free following BIO_new_NDEF | 2024-01-03 |
| CVE | CVE-2022-4450 | openssl: Double free after calling PEM_read_bio_ex | 2024-01-03 |
| CVE | CVE-2023-0286 | openssl: X.400 address type confusion in X.509 GeneralName | 2024-01-03 |
| CVE | CVE-2022-4304 | openssl: Timing Oracle in RSA Decryption | 2024-01-03 |
| CVE | CVE-2023-0401 | openssl: NULL dereference during PKCS7 data verification | 2024-01-03 |
| CVE | CVE-2023-0215 | openssl: Use-after-free following BIO_new_NDEF | 2024-01-03 |
| CVE | CVE-2022-4450 | openssl: Double free after calling PEM_read_bio_ex | 2024-01-03 |
| CVE | CVE-2023-0286 | openssl: X.400 address type confusion in X.509 GeneralName | 2024-01-03 |
| CVE | CVE-2022-4304 | openssl: Timing Oracle in RSA Decryption | 2024-01-03 |
| CVE | CVE-2022-43548 | A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that | 2023-11-21 |
| CVE | CVE-2022-32212 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil | 2023-11-21 |
| CVE | CVE-2022-43548 | A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that | 2023-11-21 |
| CVE | CVE-2022-35256 | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HT | 2023-11-21 |
| CVE | CVE-2022-32215 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. Thi | 2023-11-21 |
| CVE | CVE-2022-32214 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. T | 2023-11-21 |
| CVE | CVE-2022-32213 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and | 2023-11-21 |
| CVE | CVE-2022-32212 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil | 2023-11-21 |
| CVE | CVE-2022-43548 | A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that | 2023-11-21 |
| CVE | CVE-2022-32212 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil | 2023-11-21 |
About
-
Send Feedback to @ubuntu_updates
