CVE-2021-22940 - log

CVE-2021-22940 edited at 12 Aug 2021 07:35:30
References
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
+ https://github.com/nodejs/node/pull/39423
+ https://github.com/nodejs/node/pull/39622
+ https://github.com/nodejs/node/commit/a3c33d4ce78f74d1cf1765704af5b427aa3840a6
+ https://github.com/nodejs/node/commit/2008c9722fcf7591e39013691f303934b622df7b
+ https://github.com/nodejs/node/commit/2008c9722fcf7591e39013691f303934b622df7b
CVE-2021-22940 edited at 12 Aug 2021 07:09:52
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. The issue is a follow on to CVE-2021-22930 as the issue was not completely resolved in the fix for CVE-2021-22930.
References
+ https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
Notes
CVE-2021-22940 created at 12 Aug 2021 07:06:06