nodejs16 (SUSE:Linux Enterprise Module for Web and Scripting 15 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Web and Scripting 15 SP3 package nodejs16, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2022-35255 — CVSS 9.1 (critical): A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGe…
CVE-2022-43548 — CVSS 8.1 (high): A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost…
CVE-2022-32212 — CVSS 8.1 (high): A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that…
CVE-2022-29244 — CVSS 7.5 (high): npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie…
CVE-2022-32214 — CVSS 6.5 (medium): The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP…
CVE-2022-32215 — CVSS 6.5 (medium): The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding…
CVE-2022-32213 — CVSS 6.5 (medium): The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding…
CVE-2022-35256 — CVSS 6.5 (medium): The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may…
CVE-2022-35949 — CVSS 5.3 (medium): undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an…
CVE-2022-31150 — CVSS 5.3 (medium): undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in…