BIT-node-2021-22930

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2021-22930.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-node-2021-22930

Aliases

CVE-2021-22930

Published

2024-03-06T11:06:34.986Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://hackerone.com/reports/1238162
https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
https://security.gentoo.org/glsa/202401-02
https://security.netapp.com/advisory/ntap-20211112-0002/

Affected packages

Bitnami / node

Package

Name: node
Purl: pkg:bitnami/node

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

12.0.0

Fixed

12.22.4

Introduced

14.0.0

Fixed

14.17.4

Introduced

16.0.0

Fixed

16.6.0