ID de Prueba:	1.3.6.1.4.1.25623.1.0.856317
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:2542-1)
Resumen:	The remote host is missing an update for the 'nodejs18' package(s) announced via the SUSE-SU-2024:2542-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'nodejs18' package(s) announced via the SUSE-SU-2024:2542-1 advisory. Vulnerability Insight: This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) Changes in 18.20.3: - This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections. deps: - acorn updated to 8.11.3. - acorn-walk updated to 8.3.2. - ada updated to 2.7.8. - c-ares updated to 1.28.1. - corepack updated to 0.28.0. - nghttp2 updated to 1.61.0. - ngtcp2 updated to 1.3.0. - npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324. - simdutf updated to 5.2.4. Changes in 18.20.2: - CVE-2024-27980: Fixed command injection via args parameter of child_process.spawn without shell option enabled on Windows (bsc#1222665) Affected Software/OS: 'nodejs18' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-22020 Common Vulnerability Exposure (CVE) ID: CVE-2024-27980 Common Vulnerability Exposure (CVE) ID: CVE-2024-36138
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.