Lucene search
K
NetappNextgen Api

4 matches found

CVE
CVE
added 2021/08/16 12:0 a.m.449 views

CVE-2021-22931

CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...

9.8CVSS9.9AI score0.21952EPSS
CVE
CVE
added 2021/08/16 12:0 a.m.323 views

CVE-2021-22939

CVE-2021-22939 affects Node.js HTTPS usage where passing undefined for rejectUnauthorized may bypass certificate validation, allowing connections to servers with expired certificates. Root cause: incomplete validation of the tls rejectUnauthorized parameter. Affected ranges vary by release stream...

5.3CVSS7.4AI score0.1473EPSS
CVE
CVE
added 2021/08/16 12:0 a.m.320 views

CVE-2021-22940

CVE-2021-22940 affects Node.js before 16.6.1, 14.17.5, and 12.22.5 and is a use-after-free memory corruption issue in HTTP/2 close handling that could change process behavior. Exploitation details are present in connected sources (e.g., Arch Linux advisories) indicating remediation via upgrading ...

7.5CVSS8.4AI score0.13861EPSS
CVE
CVE
added 2021/10/07 12:0 a.m.295 views

CVE-2021-22930

CVE-2021-22930 affects Node.js before 16.6.0, 14.17.4, and 12.22.4, enabling a use-after-free in HTTP/2 close handling that could alter process behavior. Connected advisories confirm the issue and provide fixed versions: nodejs >=16.6.0, >=14.17.5, and >=12.22.5 (Arch Linux ASA-202110-5/...

9.8CVSS9.4AI score0.37286EPSS