CVE-2021-39135 - log back

CVE-2021-39135 edited at 31 Aug 2021 20:10:09
Remote
- Unknown
+ Local
CVE-2021-39135 created at 31 Aug 2021 20:03:13
Severity
+ Medium
Remote
+ Unknown
Type
+ Arbitrary code execution
Description
+ The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite and arbitrary code execution vulnerabilities.
References
+ https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
+ https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
Notes