Updated nodejs packages fix security vulnerabilities
Publication date: 05 Apr 2024Modification date: 05 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-27982 , CVE-2024-27983
Description
Nodejs 20.12.1 release fixes 2 CVE:
* CVE-2024-27983 - Assertion failed in
node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash-
(High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation
- (Medium)
References
SRPMS
9/core
- nodejs-20.12.1-1.mga9