AVG-2283 log
| Package | nodejs |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 16.6.1-1 |
| Fixed | 16.6.2-1 |
| Current | 21.7.3-1 [extra] |
| Ticket | None |
| Created | Thu Aug 12 07:06:06 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22940 | High | Yes | Arbitrary code execution | Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to... |
| CVE-2021-22939 | Low | Yes | Certificate verification bypass | If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized"... |