AVG-1402 log

Package nodejs-lts-erbium
Status Fixed
Severity High
Type multiple issues
Affected 12.20.0-2
Fixed 12.20.1-1
Current 12.22.7-1 [community]
Ticket None
Created Mon Jan 4 23:35:57 2021
Issue Severity Remote Type Description
CVE-2020-8287 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
Date Advisory Package Type
12 Jan 2021 ASA-202101-14 nodejs-lts-erbium multiple issues