[FREEBSD:F53DAB71-1B15-11EC-9D9D-0022489AD614] Node.js -- July 2021 Security Releases (2)
Severity
Critical
Affected Packages
2
CVEs
1
Node.js reports:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Package | Affected Version |
---|---|
pkg:freebsd/node14 | < 14.17.4 |
pkg:freebsd/node | < 16.6.0 |
- ID
- FREEBSD:F53DAB71-1B15-11EC-9D9D-0022489AD614
- Severity
- critical
- Severity from
- CVE-2021-22930
- URL
- http://vuxml.freebsd.org/freebsd/f53dab71-1b15-11ec-9d9d-0022489ad614.html
- Published
-
2021-07-29T00:00:00
(3 years ago) - Modified
-
2021-09-21T00:00:00
(3 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALPINE:CVE-2021-22930
- ALSA-2021:3623
- ALSA-2021:3666
- ASA-202108-1
- ELSA-2021-3623
- ELSA-2021-3666
- GLSA-202401-02
- GLSA-202405-29
- MS:CVE-2021-22930
- openSUSE-SU-2021:1214-1
- openSUSE-SU-2021:1239-1
- openSUSE-SU-2021:1313-1
- openSUSE-SU-2021:1343-1
- openSUSE-SU-2021:2875-1
- openSUSE-SU-2021:2953-1
- openSUSE-SU-2021:3211-1
- openSUSE-SU-2021:3294-1
- RHSA-2021:3623
- RHSA-2021:3666
- RLSA-2021:3623
- RLSA-2021:3666
- SUSE-SU-2021:2790-1
- SUSE-SU-2021:2823-1
- SUSE-SU-2021:2824-1
- SUSE-SU-2021:2875-1
- SUSE-SU-2021:2953-1
- SUSE-SU-2021:3184-1
- SUSE-SU-2021:3211-1
- SUSE-SU-2021:3294-1
- SUSE-SU-2022:2855-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |