AVG-2129 log
| Package | nodejs-lts-dubnium |
| Status | Unknown |
| Severity | High |
| Type | multiple issues |
| Affected | 10.24.0-2 |
| Fixed | Unknown |
| Current | Removed |
| Ticket | None |
| Created | Fri Jul 2 08:59:49 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-27290 | High | Yes | Denial of service | A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be... |
| CVE-2021-23362 | Medium | Yes | Denial of service | A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may... |
| CVE-2021-22918 | Medium | Yes | Information disclosure | libuv before version 1.14.1, as bundled by Node.js before versions 16.4.1, 14.17.2 and 12.22.2, is vulnerable to an out-of-bounds read in the libuv's... |
| References |
|---|
https://github.com/nodejs/Release/blob/main/README.md |
| Notes |
|---|
Node.js Dubnium is end of life since 2021-04-30, so these issues are not going to get fixed. |