{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs12":"12.22.7-4.22.1","nodejs12-devel":"12.22.7-4.22.1","nodejs12-docs":"12.22.7-4.22.1","npm12":"12.22.7-4.22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP2","name":"nodejs12","purl":"pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.22.7-4.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nodejs12":"12.22.7-4.22.1","nodejs12-devel":"12.22.7-4.22.1","nodejs12-docs":"12.22.7-4.22.1","npm12":"12.22.7-4.22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP3","name":"nodejs12","purl":"pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.22.7-4.22.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs12 fixes the following issues:\n\n- CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601).\n- CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602).\n- CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). \n- CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). \n- CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). \n- CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054). \n- CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053). 
\n","id":"SUSE-SU-2021:3940-1","modified":"2021-12-06T13:43:50Z","published":"2021-12-06T13:43:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20213940-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190053"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190054"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190056"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190057"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191601"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191602"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37701"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37712"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39135"}],"related":["CVE-2021-22959","CVE-2021-22960","CVE-2021-37701","CVE-2021-37712","CVE-2021-37713","CVE-2021-39134","CVE-2021-39135"],"summary":"Security update for nodejs12","upstream":["CVE-2021-22959","CVE-2021-22960","CVE-2021-37701","CVE-2021-37712","CVE-2021-37713","CVE-2021-39134","CVE-2021-39135"]}