UbuntuUpdates.org

Bugs fixes in "nodejs"

Origin Bug number Title Date fixed
CVE CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that 2023-11-21
CVE CVE-2022-32212 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil 2023-11-21
CVE CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that 2023-11-21
CVE CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HT 2023-11-21
CVE CVE-2022-32215 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. Thi 2023-11-21
CVE CVE-2022-32214 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. T 2023-11-21
CVE CVE-2022-32213 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and 2023-11-21
CVE CVE-2022-32212 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil 2023-11-21
CVE CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that 2023-11-21
CVE CVE-2022-32212 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil 2023-11-21
CVE CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that 2023-11-21
CVE CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HT 2023-11-21
CVE CVE-2022-32215 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. Thi 2023-11-21
CVE CVE-2022-32214 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. T 2023-11-21
CVE CVE-2022-32213 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and 2023-11-21
CVE CVE-2022-32212 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil 2023-11-21
CVE CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2023-10-30
CVE CVE-2022-2097 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ... 2023-10-30
CVE CVE-2022-2068 The c_rehash script allows command injection 2023-10-30
CVE CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to ... 2023-10-30



About   -   Send Feedback to @ubuntu_updates