Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-39135 - log back

CVE-2021-39135 edited at 31 Aug 2021 20:10:09

Remote

-	Unknown
+	Local

CVE-2021-39135 created at 31 Aug 2021 20:03:13

Severity

+

Medium

Remote

+

Unknown

Type

+	Arbitrary code execution

Description

+	The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite and arbitrary code execution vulnerabilities.

References

+	https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
+	https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2

Notes