{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs20":"20.18.1-150600.3.6.1","nodejs20-devel":"20.18.1-150600.3.6.1","nodejs20-docs":"20.18.1-150600.3.6.1","npm20":"20.18.1-150600.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP6","name":"nodejs20","purl":"pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20.18.1-150600.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"corepack20":"20.18.1-150600.3.6.1","nodejs20":"20.18.1-150600.3.6.1","nodejs20-devel":"20.18.1-150600.3.6.1","nodejs20-docs":"20.18.1-150600.3.6.1","npm20":"20.18.1-150600.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"nodejs20","purl":"pkg:rpm/opensuse/nodejs20&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20.18.1-150600.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs20 fixes the following issues:\n\n- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)\n\nOther fixes:\n- Updated to 20.18.1:\n  * Experimental Network Inspection Support in Node.js\n  * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext\n  * New option for vm.createContext() to create a context with a\n    freezable globalThis\n  * buffer: optimize createFromString\n- Changes in 20.17.0:\n  * module: support require()ing synchronous ESM graphs\n  * path: add matchesGlob method\n  * stream: expose DuplexPair API\n- Changes in 20.16.0:\n  * process: add process.getBuiltinModule(id)\n  * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth\n  * buffer: add .bytes() method to Blob\n","id":"SUSE-SU-2024:4286-1","modified":"2024-12-11T08:30:39Z","published":"2024-12-11T08:30:39Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244286-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233856"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21538"}],"related":["CVE-2024-21538"],"summary":"Security update for nodejs20","upstream":["CVE-2024-21538"]}