Symptom
- Security audit reports many vulnerabilities:
  - undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (Low) - (CVE-2023-45143)
  - nghttp2 - HTTP/2 Rapid Reset (High) - (CVE-2023-44487)
  - Permission model improperly protects against path traversal (High) - (CVE-2023-39331)
  - Path traversal through path stored in Uint8Array (High) - (CVE-2023-39332)
  - Integrity checks according to policies can be circumvented (Medium) - (CVE-2023-38552)
  - Code injection via WebAssembly export names (Low) - (CVE-2023-39333)
See Friday October 13 2023 Security Releases: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/
- How to apply Node.js version 18.18.2 to the PD server to protect the server against these vulnerabilities.
Environment
- SAP PowerDesigner (PD) Web 16.7 SP07
- Node.js 18.x < 18.18.2
Product
SAP PowerDesigner 16.7
Keywords
nodejs, CVE-2023-45143, CVE-2023-44487, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333, KBA, BC-SYB-PD, PowerDesigner, Problem
About this page
This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).