{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs18":"18.20.5-150400.9.30.1","nodejs18-devel":"18.20.5-150400.9.30.1","nodejs18-docs":"18.20.5-150400.9.30.1","npm18":"18.20.5-150400.9.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP5","name":"nodejs18","purl":"pkg:rpm/suse/nodejs18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18.20.5-150400.9.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"corepack18":"18.20.5-150400.9.30.1","nodejs18":"18.20.5-150400.9.30.1","nodejs18-devel":"18.20.5-150400.9.30.1","nodejs18-docs":"18.20.5-150400.9.30.1","npm18":"18.20.5-150400.9.30.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"nodejs18","purl":"pkg:rpm/opensuse/nodejs18&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18.20.5-150400.9.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs18 fixes the following issues:\n\n- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)\n\nOther fixes:\n- Update to 18.20.5\n  * esm: mark import attributes and JSON module as stable\n  * deps:\n    + upgrade npm to 10.8.2\n    + update simdutf to 5.6.0\n    + update brotli to 1.1.0\n    + update ada to 2.8.0\n    + update acorn to 8.13.0\n    + update acorn-walk to 8.3.4\n    + update c-ares to 1.29.0\n","id":"SUSE-SU-2024:4301-1","modified":"2024-12-12T08:10:34Z","published":"2024-12-12T08:10:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244301-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233856"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21538"}],"related":["CVE-2024-21538"],"summary":"Security update for nodejs18","upstream":["CVE-2024-21538"]}