---

AVG-2339 - log back

AVG-2339 edited at 12 Oct 2021 16:49:48
Status	- Vulnerable + Not affected
Advisory qualified	- Yes + No
References	- https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ - https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc - https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p - https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc - https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
Notes	- CVE-2021-39134 only affects Linux users who use ext4 with the case-insensitive feature enabled. + These issues do not affect Node.js directly, but its package manager NPM, which is packaged separately in Arch Linux.

AVG-2339 created at 31 Aug 2021 20:06:24
Packages	+ nodejs-lts-erbium
Issues	+ CVE-2021-37701 + CVE-2021-37712 + CVE-2021-39134 + CVE-2021-39135
Status	+ Vulnerable
Severity	+ High
Affected	+ 12.22.4-2
Fixed
Ticket
Advisory qualified	+ Yes
References	+ https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ + https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc + https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p + https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc + https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
Notes	+ CVE-2021-39134 only affects Linux users who use ext4 with the case-insensitive feature enabled.