nodejs-lts-fermium

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Evented I/O for V8 javascript (LTS release: Fermium)
Version 14.21.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2461 14.17.4-1 High Not affected
AVG-2287 14.17.4-1 High Not affected
AVG-2284 14.17.4-1 14.18.1-1 High Fixed FS#72413
AVG-2240 14.17.3-1 14.17.4-1 High Fixed
AVG-2127 14.16.0-2 14.17.3-1 High Fixed
AVG-1609 14.15.4-1 Low Not affected
AVG-1606 14.15.4-1 14.16.0-1 Medium Fixed
AVG-1405 14.15.3-2 High Not affected
AVG-1401 14.15.3-2 14.15.4-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-39135 AVG-2461 Medium No Arbitrary code execution
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to arbitrary file creation/overwrite...
CVE-2021-39134 AVG-2461 Medium No Arbitrary code execution
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary...
CVE-2021-37712 AVG-2461 High No Arbitrary file overwrite
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file...
CVE-2021-37701 AVG-2461 High No Arbitrary file overwrite
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File...
CVE-2021-27290 AVG-2127 High Yes Denial of service
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be...
CVE-2021-23840 AVG-1609 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
CVE-2021-23362 AVG-2127 Medium Yes Denial of service
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may...
CVE-2021-22960 AVG-2284 Medium Yes Url request injection
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of...
CVE-2021-22959 AVG-2284 Medium Yes Url request injection
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the...
CVE-2021-22940 AVG-2284 High Yes Arbitrary code execution
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to...
CVE-2021-22939 AVG-2284 Low Yes Certificate verification bypass
If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized"...
CVE-2021-22931 AVG-2287 High Yes Insufficient validation
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing...
CVE-2021-22930 AVG-2240 High Yes Arbitrary code execution
Node.js before version 16.6.0, 14.17.4 and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory...
CVE-2021-22918 AVG-2127 Medium Yes Information disclosure
libuv before version 1.14.1, as bundled by Node.js before versions 16.4.1, 14.17.2 and 12.22.2, is vulnerable to an out-of-bounds read in the libuv's...
CVE-2021-22884 AVG-1606 Medium Yes Denial of service
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when the whitelist includes “localhost6”. When...
CVE-2021-22883 AVG-1606 Medium Yes Denial of service
Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an...
CVE-2020-8287 AVG-1401 Low No Url request injection
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields....
CVE-2020-8265 AVG-1401 High No Arbitrary code execution
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket,...
CVE-2020-1971 AVG-1405 High Yes Denial of service
A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of...

Advisories

Date Advisory Group Severity Type
21 Oct 2021 ASA-202110-5 AVG-2284 High multiple issues
03 Aug 2021 ASA-202108-2 AVG-2240 High arbitrary code execution
20 Jul 2021 ASA-202107-32 AVG-2127 High multiple issues
12 Jan 2021 ASA-202101-15 AVG-1401 High multiple issues