AVG-2283 log

Package nodejs
Status Fixed
Severity High
Type multiple issues
Affected 16.6.1-1
Fixed 16.6.2-1
Current 22.5.0-1 [extra]
Ticket None
Created Thu Aug 12 07:06:06 2021
Issue Severity Remote Type Description
CVE-2021-22940 High Yes Arbitrary code execution
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to...
CVE-2021-22939 Low Yes Certificate verification bypass
If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized"...