AVG-1400 log
Package | nodejs |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 15.5.0-1 |
Fixed | 15.5.1-1 |
Current | 23.4.0-1 [extra] |
Ticket | None |
Created | Mon Jan 4 23:18:41 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-8287 | Low | No | Url request injection | The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields.... |
CVE-2020-8265 | High | No | Arbitrary code execution | The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,... |
Date | Advisory | Package | Type |
---|---|---|---|
12 Jan 2021 | ASA-202101-16 | nodejs | multiple issues |