Security update for nodejs8
This update for nodejs8 fixes the following issues:
- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
- CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442).
- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying
properties of Object.prototype (bsc#1166916).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1166916
VUL-0: CVE-2020-7598: nodejs,nodejs12,nodejs10,nodejs4,nodejs6,nodejs8: nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
bnc#1172442
VUL-0: CVE-2020-11080: nodejs12,nodejs10: HTTP/2 Large Settings Frame DoS
bnc#1172443
VUL-0: CVE-2020-8174: nodejs,nodejs12,nodejs10,nodejs4,nodejs6,nodejs8: napi_get_value_string_*() allows various kinds of memory corruption
