AVG-1400 log

Package nodejs
Status Fixed
Severity High
Type multiple issues
Affected 15.5.0-1
Fixed 15.5.1-1
Current 17.0.1-1 [community-testing]
16.11.1-1 [community]
Ticket None
Created Mon Jan 4 23:18:41 2021
Issue Severity Remote Type Description
CVE-2020-8287 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
Date Advisory Package Type
12 Jan 2021 ASA-202101-16 nodejs multiple issues