Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
[
{
"vendor": "n/a",
"product": "https://github.com/nodejs/node",
"versions": [
{
"version": "Fixed versions 16.6.2, 14.17.5, and 12.22.5",
"status": "affected"
}
]
}
]
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
hackerone.com/reports/1238162
lists.debian.org/debian-lts-announce/2022/10/msg00006.html
nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
security.gentoo.org/glsa/202401-02
security.netapp.com/advisory/ntap-20210923-0001/
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html