AVG-2339 log

Package nodejs-lts-erbium
Status Not affected
Severity High
Type multiple issues
Affected 12.22.4-2
Fixed Not affected
Current 12.22.7-1 [community]
Ticket None
Created Tue Aug 31 20:06:24 2021
Issue Severity Remote Type Description
CVE-2021-39135 Medium No Arbitrary code execution
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite...
CVE-2021-39134 Medium No Arbitrary code execution
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary...
CVE-2021-37712 High No Arbitrary file overwrite
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file...
CVE-2021-37701 High No Arbitrary file overwrite
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File...
Notes
These issues do not affect Node.js directly, but its package manager NPM, which is packaged separately in Arch Linux.