CVE-2021-22940 log
Source |
|
Severity | High |
Remote | Yes |
Type | Arbitrary code execution |
Description | Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. The issue is a follow on to CVE-2021-22930 as the issue was not completely resolved in the fix for CVE-2021-22930. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2285 | nodejs-lts-erbium | 12.22.4-2 | 12.22.7-1 | High | Fixed | FS#72412 |
AVG-2284 | nodejs-lts-fermium | 14.17.4-1 | 14.18.1-1 | High | Fixed | FS#72413 |
AVG-2283 | nodejs | 16.6.1-1 | 16.6.2-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
21 Oct 2021 | ASA-202110-6 | AVG-2285 | nodejs-lts-erbium | High | multiple issues |
21 Oct 2021 | ASA-202110-5 | AVG-2284 | nodejs-lts-fermium | High | multiple issues |