nodejs-lts-fermium

Description: Evented I/O for V8 JavaScript (LTS release: Fermium)
Version: 14.17.4-1 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2340 | 14.17.4-1 | | High | Vulnerable | |
| AVG-2284 | 14.17.4-1 | | High | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-39135 | AVG-2340 | Medium | No | Arbitrary code execution | The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite... |
| CVE-2021-39134 | AVG-2340 | Medium | No | Arbitrary code execution | The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary... |
| CVE-2021-37712 | AVG-2340 | High | No | Arbitrary file overwrite | The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file... |
| CVE-2021-37701 | AVG-2340 | High | No | Arbitrary file overwrite | The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File... |
| CVE-2021-22940 | AVG-2284 | High | Yes | Arbitrary code execution | Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to... |
| CVE-2021-22939 | AVG-2284 | Low | Yes | Certificate verification bypass | If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was passed in for the "rejectUnauthorized"... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2287 | 14.17.4-1 | | High | Not affected | |
| AVG-2240 | 14.17.3-1 | 14.17.4-1 | High | Fixed | |
| AVG-2127 | 14.16.0-2 | 14.17.3-1 | High | Fixed | |
| AVG-1609 | 14.15.4-1 | | Low | Not affected | |
| AVG-1606 | 14.15.4-1 | 14.16.0-1 | Medium | Fixed | |
| AVG-1405 | 14.15.3-2 | | High | Not affected | |
| AVG-1401 | 14.15.3-2 | 14.15.4-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-27290 | AVG-2127 | High | Yes | Denial of service | A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be... |
| CVE-2021-23840 | AVG-1609 | Low | Yes | Incorrect calculation | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
| CVE-2021-23362 | AVG-2127 | Medium | Yes | Denial of service | A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may... |
| CVE-2021-22931 | AVG-2287 | High | Yes | Insufficient validation | Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing... |
| CVE-2021-22930 | AVG-2240 | High | Yes | Arbitrary code execution | Node.js before version 16.6.0, 14.17.4 and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory... |
| CVE-2021-22918 | AVG-2127 | Medium | Yes | Information disclosure | libuv before version 1.14.1, as bundled by Node.js before versions 16.4.1, 14.17.2 and 12.22.2, is vulnerable to an out-of-bounds read in the libuv's... |
| CVE-2021-22884 | AVG-1606 | Medium | Yes | Denial of service | Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when the whitelist includes “localhost6”. When... |
| CVE-2021-22883 | AVG-1606 | Medium | Yes | Denial of service | Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an... |
| CVE-2020-8287 | AVG-1401 | Low | No | Url request injection | The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields.... |
| CVE-2020-8265 | AVG-1401 | High | No | Arbitrary code execution | The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,... |
| CVE-2020-1971 | AVG-1405 | High | Yes | Denial of service | A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 03 Aug 2021 | ASA-202108-2 | AVG-2240 | High | arbitrary code execution |
| 20 Jul 2021 | ASA-202107-32 | AVG-2127 | High | multiple issues |
| 12 Jan 2021 | ASA-202101-15 | AVG-1401 | High | multiple issues |