AVG-2283 log
Package | nodejs |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 16.6.1-1 |
Fixed | 16.6.2-1 |
Current | 23.4.0-1 [extra] |
Ticket | None |
Created | Thu Aug 12 07:06:06 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-22940 | High | Yes | Arbitrary code execution | Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to... |
CVE-2021-22939 | Low | Yes | Certificate verification bypass | If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized"... |