AVG-2460 log

Package nodejs
Status Fixed
Severity Medium
Type url request injection
Affected 16.11.0-1
Fixed 16.11.1-1
Current 17.1.0-2 [community]
Ticket None
Created Tue Oct 12 16:36:13 2021
Issue Severity Remote Type Description
CVE-2021-22960 Medium Yes Url request injection
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of...
CVE-2021-22959 Medium Yes Url request injection
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the...
Date Advisory Package Type
21 Oct 2021 ASA-202110-4 nodejs url request injection