Bugs fixes in "nodejs"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2022-32214 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. T | 2023-11-21 |
| CVE | CVE-2022-32213 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and | 2023-11-21 |
| CVE | CVE-2022-32212 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil | 2023-11-21 |
| CVE | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | 2023-10-30 |
| CVE | CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ... | 2023-10-30 |
| CVE | CVE-2022-2068 | The c_rehash script allows command injection | 2023-10-30 |
| CVE | CVE-2022-1292 | The c_rehash script does not properly sanitise shell metacharacters to ... | 2023-10-30 |
| CVE | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | 2023-10-30 |
| CVE | CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ... | 2023-10-30 |
| CVE | CVE-2022-2068 | The c_rehash script allows command injection | 2023-10-30 |
| CVE | CVE-2022-1292 | The c_rehash script does not properly sanitise shell metacharacters to ... | 2023-10-30 |
| CVE | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6 | 2023-10-05 |
| CVE | CVE-2021-22883 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownP | 2023-10-05 |
| CVE | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6 | 2023-10-05 |
| CVE | CVE-2021-22883 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownP | 2023-10-05 |
| CVE | CVE-2020-8287 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding h | 2023-09-19 |
| CVE | CVE-2020-8265 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS ena | 2023-09-19 |
| CVE | CVE-2020-8174 | napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | 2023-09-19 |
| CVE | CVE-2020-8287 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding h | 2023-09-19 |
| CVE | CVE-2020-8265 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS ena | 2023-09-19 |
About
-
Send Feedback to @ubuntu_updates
