AVG-1401 log

Package nodejs-lts-fermium
Status Fixed
Severity High
Type multiple issues
Affected 14.15.3-2
Fixed 14.15.4-1
Current 14.18.1-1 [community]
Ticket None
Created Mon Jan 4 23:34:05 2021
Issue Severity Remote Type Description
CVE-2020-8287 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
Date Advisory Package Type
12 Jan 2021 ASA-202101-15 nodejs-lts-fermium multiple issues