AVG-1400 log
| Package | nodejs |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 15.5.0-1 |
| Fixed | 15.5.1-1 |
| Current | 25.2.1-1 [extra] |
| Ticket | None |
| Created | Mon Jan 4 23:18:41 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-8287 | Low | No | Url request injection | The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields.... |
| CVE-2020-8265 | High | No | Arbitrary code execution | The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 12 Jan 2021 | ASA-202101-16 | nodejs | multiple issues |