CVE-2021-39135 |
AVG-2339 |
Medium |
No |
Arbitrary code execution |
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite... |
CVE-2021-39134 |
AVG-2339 |
Medium |
No |
Arbitrary code execution |
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary... |
CVE-2021-37712 |
AVG-2339 |
High |
No |
Arbitrary file overwrite |
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file... |
CVE-2021-37701 |
AVG-2339 |
High |
No |
Arbitrary file overwrite |
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File... |
CVE-2021-27290 |
AVG-2128 |
High |
Yes |
Denial of service |
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be... |
CVE-2021-23840 |
AVG-1610 |
Low |
Yes |
Incorrect calculation |
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
CVE-2021-23362 |
AVG-2128 |
Medium |
Yes |
Denial of service |
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may... |
CVE-2021-22960 |
AVG-2285 |
Medium |
Yes |
Url request injection |
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of... |
CVE-2021-22959 |
AVG-2285 |
Medium |
Yes |
Url request injection |
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the... |
CVE-2021-22940 |
AVG-2285 |
High |
Yes |
Arbitrary code execution |
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to... |
CVE-2021-22939 |
AVG-2285 |
Low |
Yes |
Certificate verification bypass |
If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized"... |
CVE-2021-22931 |
AVG-2288 |
High |
Yes |
Insufficient validation |
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing... |
CVE-2021-22930 |
AVG-2241 |
High |
Yes |
Arbitrary code execution |
Node.js before version 16.6.0, 14.17.4 and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory... |
CVE-2021-22918 |
AVG-2128 |
Medium |
Yes |
Information disclosure |
libuv before version 1.14.1, as bundled by Node.js before versions 16.4.1, 14.17.2 and 12.22.2, is vulnerable to an out-of-bounds read in the libuv's... |
CVE-2021-22884 |
AVG-1607 |
Medium |
Yes |
Denial of service |
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when the whitelist includes “localhost6”. When... |
CVE-2021-22883 |
AVG-1607 |
Medium |
Yes |
Denial of service |
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an... |
CVE-2020-8287 |
AVG-1402 |
Low |
No |
Url request injection |
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields.... |
CVE-2020-8265 |
AVG-1402 |
High |
No |
Arbitrary code execution |
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,... |
CVE-2020-1971 |
AVG-1406 |
High |
Yes |
Denial of service |
A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of... |