nodejs-lts-erbium

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Evented I/O for V8 javascript (LTS release: Erbium)
Version 12.22.0-2 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1610 12.20.1-1 Low Not affected
AVG-1607 12.20.1-1 12.21.0-1 Medium Fixed
AVG-1406 12.20.0-2 High Not affected
AVG-1402 12.20.0-2 12.20.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-23840 AVG-1610 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
CVE-2021-22884 AVG-1607 Medium Yes Denial of service
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when the whitelist includes “localhost6”. When...
CVE-2021-22883 AVG-1607 Medium Yes Denial of service
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an...
CVE-2020-8287 AVG-1402 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 AVG-1402 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
CVE-2020-1971 AVG-1406 High Yes Denial of service
A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of...

Advisories

Date Advisory Group Severity Type
12 Jan 2021 ASA-202101-14 AVG-1402 High multiple issues