[Buildroot] [PATCH-2021.02.x] package/nodejs: security bump to version 12.22.7
Peter Korsgaard
peter at korsgaard.com
Tue Oct 26 18:34:53 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
> The http parser accepts requests with a space (SP) right after the header
> name before the colon. This can lead to HTTP Request Smuggling (HRS).
> - CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
> The http parser ignores chunk extensions when parsing the body of chunked
> requests. This leads to HTTP Request Smuggling (HRS) under certain
> conditions.
> For more details, see the advisory:
> https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2021.02.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list