SUSE-SU-2021:2618-1

Details

This update for nodejs8 fixes the following issues:

update to npm 6.14.13
CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976)
CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977)
CVE-2020-7774: fixes y18n Prototype Pollution. (bsc#1184450)

Affected Packages

nodejs8

SUSE Linux Enterprise Module for Web and Scripting 15 SP2

Fixed in:

8.17.0-10.12.2

nodejs8-devel

SUSE Linux Enterprise Module for Web and Scripting 15 SP2

Fixed in:

8.17.0-10.12.2

nodejs8-docs

SUSE Linux Enterprise Module for Web and Scripting 15 SP2

Fixed in:

8.17.0-10.12.2

npm8

SUSE Linux Enterprise Module for Web and Scripting 15 SP2

Fixed in:

8.17.0-10.12.2

References