Updated nodejs packages fix security vulnerabilities
Publication date: 05 Apr 2024Modification date: 05 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-27982 , CVE-2024-27983
Description
Nodejs 20.12.1 release fixes 2 CVE: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
References
SRPMS
9/core
- nodejs-20.12.1-1.mga9