---

CVE-2021-22930 - log back

CVE-2021-22930 edited at 30 Jul 2021 08:43:00

References

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930 + https://github.com/nodejs/node/issues/38964 + https://github.com/nodejs/node/pull/39423 + https://github.com/nodejs/node/commit/9d950a0956bf2c3dd87bacb56807f37e16a91db4 + https://github.com/nodejs/node/commit/d48b91ea2b27828ceea10dab1effa42bc542be03 + https://github.com/nodejs/node/commit/b263f2585ab53f56e0e22b46cf1f8519a8af8a05

CVE-2021-22930 edited at 30 Jul 2021 08:39:50
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ Node.js before version 16.6.0, 14.17.4 and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
References	+ https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930
Notes

CVE-2021-22930 created at 30 Jul 2021 08:38:57