| CVE-2021-22960 |
Medium |
Yes |
Url request injection |
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of... |
| CVE-2021-22959 |
Medium |
Yes |
Url request injection |
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the... |
| CVE-2021-22940 |
High |
Yes |
Arbitrary code execution |
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to... |
| CVE-2021-22939 |
Low |
Yes |
Certificate verification bypass |
If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized"... |