{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs14":"14.18.1-15.21.2","nodejs14-devel":"14.18.1-15.21.2","nodejs14-docs":"14.18.1-15.21.2","npm14":"14.18.1-15.21.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"nodejs14","purl":"pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"14.18.1-15.21.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs14 fixes the following issues:\n\nnodejs14 was updated to 14.18.1:\n\n* deps: update llhttp to 2.1.4\n\n  - HTTP Request Smuggling due to spaces in headers (bsc#1191601, CVE-2021-22959)\n  - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960)\n\nChanges in 14.18.0:\n\n  * buffer:\n\n    + introduce Blob\n    + add base64url encoding option\n\n  * child_process:\n\n    + allow options.cwd to receive a URL\n    + add timeout to spawn and fork\n    + allow promisified exec to be canceled\n    + add 'overlapped' stdio flag\n\n  * dns: add 'tries' option to Resolve options\n  * fs:\n\n    + allow empty string for temp directory prefix\n    + allow no-params fsPromises fileHandle read\n    + add support for async iterators to fsPromises.writeFile\n\n  * http2: add support for sensitive headers\n  * process: add 'worker' event\n  * tls: allow reading data into a static buffer\n  * worker: add setEnvironmentData/getEnvironmentData\n\nChanges in 14.17.6\n\n  * deps: upgrade npm to 6.14.15 which fixes a number of\n    security issues\n    (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712,\n     bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134,\n     bsc#1190053, CVE-2021-39135)\n","id":"openSUSE-SU-2021:3964-1","modified":"2021-12-07T07:57:43Z","published":"2021-12-07T07:57:43Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EB6I33SJCMQ2K7LAKKPS54HRXSB7FQXG/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190053"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190054"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190056"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190057"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191601"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191602"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37701"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37712"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39135"}],"related":["CVE-2021-22959","CVE-2021-22960","CVE-2021-37701","CVE-2021-37712","CVE-2021-37713","CVE-2021-39134","CVE-2021-39135"],"summary":"Security update for nodejs14","upstream":["CVE-2021-22959","CVE-2021-22960","CVE-2021-37701","CVE-2021-37712","CVE-2021-37713","CVE-2021-39134","CVE-2021-39135"]}