Overview

File _patchinfo of Package patchinfo.24990

<patchinfo incident="24990">
  <issue tracker="bnc" id="1201325">VUL-0: CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding</issue>
  <issue tracker="bnc" id="1201328">VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses</issue>
  <issue tracker="bnc" id="1201326">VUL-0: CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields</issue>
  <issue tracker="bnc" id="1201327">VUL-0: CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding</issue>
  <issue tracker="cve" id="2022-32215"/>
  <issue tracker="cve" id="2022-32214"/>
  <issue tracker="cve" id="2022-32213"/>
  <issue tracker="cve" id="2022-32212"/>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs14</summary>
  <description>This update for nodejs14 fixes the following issues:

- CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328).
- CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325).
- CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326).
- CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places