{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs10":"10.24.1-1.36.1","nodejs10-devel":"10.24.1-1.36.1","nodejs10-docs":"10.24.1-1.36.1","npm10":"10.24.1-1.36.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"nodejs10","purl":"pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.24.1-1.36.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs10 fixes the following issues:\n\nUpdate nodejs10 to 10.24.1.\n\nIncluding fixes for \n\n- CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973)\n- CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976)\n- CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977)\n- CVE-2020-7774: y18n Prototype Pollution (bsc#1184450)\n- CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851)\n- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852)\n- reduce memory footprint of test-worker-stdio (bsc#1183155)\n","id":"openSUSE-SU-2021:2353-1","modified":"2021-07-15T13:18:04Z","published":"2021-07-15T13:18:04Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVLFLECFVPSHO4SQBVWDO2CBAU5LB7IS/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183851"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183852"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187973"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187976"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-7774"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23362"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-27290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3449"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3450"}],"related":["CVE-2020-7774","CVE-2021-22918","CVE-2021-23362","CVE-2021-27290","CVE-2021-3449","CVE-2021-3450"],"summary":"Security update for nodejs10","upstream":["CVE-2020-7774","CVE-2021-22918","CVE-2021-23362","CVE-2021-27290","CVE-2021-3449","CVE-2021-3450"]}