AVG-2852

Package nodejs
Status Fixed
Severity High
Type multiple issues
Affected 21.7.1-1
Fixed 21.7.2-1
Current 21.7.3-1 [extra]
Ticket None
Created Wed Apr 3 15:48:47 2024
Advisory Pending
Issue Severity Remote Type Description
CVE-2024-27983 High Yes Denial of service
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small number of HTTP/2 frame packets with a few HTTP/2 frames inside. It...
CVE-2024-27982 Medium Yes Insufficient validation
The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....
References
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
https://github.com/nodejs/node/releases/tag/v21.7.2