{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs18":"18.20.5-8.30.1","nodejs18-devel":"18.20.5-8.30.1","nodejs18-docs":"18.20.5-8.30.1","npm18":"18.20.5-8.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"nodejs18","purl":"pkg:rpm/suse/nodejs18&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18.20.5-8.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs18 fixes the following issues:\n\n- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)\n\n- Update to 18.20.5\n  * esm: mark import attributes and JSON module as stable\n  * deps:\n    + upgrade npm to 10.8.2\n    + update simdutf to 5.6.0\n    + update brotli to 1.1.0\n    + update ada to 2.8.0\n    + update acorn to 8.13.0\n    + update acorn-walk to 8.3.4\n    + update c-ares to 1.29.0\n","id":"SUSE-SU-2024:4272-1","modified":"2024-12-10T09:12:04Z","published":"2024-12-10T09:12:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244272-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233856"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21538"}],"related":["CVE-2024-21538"],"summary":"Security update for nodejs18","upstream":["CVE-2024-21538"]}