AVG-1403 log

Package nodejs-lts-dubnium
Status Fixed
Severity High
Type multiple issues
Affected 10.23.0-2
Fixed 10.23.1-1
Current Removed
Ticket None
Created Mon Jan 4 23:36:36 2021
Issue Severity Remote Type Description
CVE-2020-8287 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
Date Advisory Package Type
12 Jan 2021 ASA-202101-13 nodejs-lts-dubnium multiple issues