AVG-2285

Package: nodejs-lts-erbium
Status: Fixed
Severity: High
Type: multiple issues
Affected: 12.22.4-2
Fixed: 12.22.7-1
Current: 12.22.7-1 [community]
Ticket: FS#72412
Created: Thu Aug 12 07:10:42 2021

Issue | Severity | Remote | Type | Description
CVE-2021-22960 | Medium | Yes | Url request injection | A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of...
CVE-2021-22959 | Medium | Yes | Url request injection | A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the...
CVE-2021-22940 | High | Yes | Arbitrary code execution | Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to...
CVE-2021-22939 | Low | Yes | Certificate verification bypass | If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was passed in for the "rejectUnauthorized"...

Date | Advisory | Package | Type
21 Oct 2021 | ASA-202110-6 | nodejs-lts-erbium | multiple issues