nodejs-lts-dubnium
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Unknown |
| Version | Removed |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2129 | 10.24.0-2 | High | Unknown |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-27290 | AVG-2129 | High | Yes | Denial of service | A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be... |
| CVE-2021-23362 | AVG-2129 | Medium | Yes | Denial of service | A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may... |
| CVE-2021-22918 | AVG-2129 | Medium | Yes | Information disclosure | libuv before version 1.14.1, as bundled by Node.js before versions 16.4.1, 14.17.2 and 12.22.2, is vulnerable to an out-of-bounds read in the libuv's... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1611 | 10.23.2-1 | Low | Not affected | ||
| AVG-1608 | 10.23.2-1 | 10.24.0-1 | Medium | Fixed | |
| AVG-1407 | 10.23.0-2 | High | Not affected | ||
| AVG-1403 | 10.23.0-2 | 10.23.1-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-23840 | AVG-1611 | Low | Yes | Incorrect calculation | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
| CVE-2021-22884 | AVG-1608 | Medium | Yes | Denial of service | Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when the whitelist includes “localhost6”. When... |
| CVE-2021-22883 | AVG-1608 | Medium | Yes | Denial of service | Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an... |
| CVE-2020-8287 | AVG-1403 | Low | No | Url request injection | The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields.... |
| CVE-2020-8265 | AVG-1403 | High | No | Arbitrary code execution | The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,... |
| CVE-2020-1971 | AVG-1407 | High | Yes | Denial of service | A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 12 Jan 2021 | ASA-202101-13 | AVG-1403 | High | multiple issues |