CVE-2021-39135 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Arbitrary code execution |
| Description | The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite and arbitrary code execution vulnerabilities. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2461 | nodejs-lts-fermium | 14.17.4-1 | High | Not affected | ||
| AVG-2339 | nodejs-lts-erbium | 12.22.4-2 | High | Not affected |
| References |
|---|
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2 |