nodejs-lts-erbium

Description Evented I/O for V8 javascript (LTS release: Erbium)
Version 12.22.4-2 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2339 12.22.4-2 High Vulnerable
AVG-2285 12.22.4-2 High Vulnerable

Issue Group Severity Remote Type Description
CVE-2021-39135 AVG-2339 Medium No Arbitrary code execution
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite...
CVE-2021-39134 AVG-2339 Medium No Arbitrary code execution
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary...
CVE-2021-37712 AVG-2339 High No Arbitrary file overwrite
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file...
CVE-2021-37701 AVG-2339 High No Arbitrary file overwrite
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File...
CVE-2021-22940 AVG-2285 High Yes Arbitrary code execution
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to...
CVE-2021-22939 AVG-2285 Low Yes Certificate verification bypass
If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was passed in for the "rejectUnauthorized"...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2288 12.22.4-2 High Not affected
AVG-2241 12.22.3-1 12.22.4-1 High Fixed
AVG-2128 12.22.0-2 12.22.3-1 High Fixed
AVG-1610 12.20.1-1 Low Not affected
AVG-1607 12.20.1-1 12.21.0-1 Medium Fixed
AVG-1406 12.20.0-2 High Not affected
AVG-1402 12.20.0-2 12.20.1-1 High Fixed

Issue Group Severity Remote Type Description
CVE-2021-27290 AVG-2128 High Yes Denial of service
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be...
CVE-2021-23840 AVG-1610 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
CVE-2021-23362 AVG-2128 Medium Yes Denial of service
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may...
CVE-2021-22931 AVG-2288 High Yes Insufficient validation
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing...
CVE-2021-22930 AVG-2241 High Yes Arbitrary code execution
Node.js before versions 16.6.0, 14.17.4 and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory...
CVE-2021-22918 AVG-2128 Medium Yes Information disclosure
libuv before version 1.14.1, as bundled by Node.js before versions 16.4.1, 14.17.2 and 12.22.2, is vulnerable to an out-of-bounds read in the libuv's...
CVE-2021-22884 AVG-1607 Medium Yes Denial of service
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when the whitelist includes “localhost6”. When...
CVE-2021-22883 AVG-1607 Medium Yes Denial of service
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an...
CVE-2020-8287 AVG-1402 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 AVG-1402 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
CVE-2020-1971 AVG-1406 High Yes Denial of service
A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of...

Advisories

Date Advisory Group Severity Type
03 Aug 2021 ASA-202108-3 AVG-2241 High arbitrary code execution
20 Jul 2021 ASA-202107-33 AVG-2128 High multiple issues
12 Jan 2021 ASA-202101-14 AVG-1402 High multiple issues