#15330 closed enhancement (fixed)
node.js-14.17.4
Reported by: | Bruce Dubbs | Owned by: | |
---|---|---|---|
Priority: | elevated | Milestone: | 11.0 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (4)
comment:1 by , 3 years ago
Owner: | changed from | to
---|---|
Priority: | normal → elevated |
Status: | new → assigned |
comment:2 by , 3 years ago
Fixed in @d63fed6200877253f8ae60d56a71b4b91b5f4ca0 10.1-701 Security Advisory 10.1-084.
comment:3 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
From the oss-security list:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Thank you to Eran Levin (exx8) for reporting this vulnerability.
Impacts:
(The CVE currently shows as Reserved)