AVG-1402 log
| Package | nodejs-lts-erbium |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 12.20.0-2 |
| Fixed | 12.20.1-1 |
| Current | Removed |
| Ticket | None |
| Created | Mon Jan 4 23:35:57 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-8287 | Low | No | Url request injection | The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields.... |
| CVE-2020-8265 | High | No | Arbitrary code execution | The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 12 Jan 2021 | ASA-202101-14 | nodejs-lts-erbium | multiple issues |