4 matches found
CVE-2021-22931
CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...
CVE-2021-22939
CVE-2021-22939 affects Node.js HTTPS usage where passing undefined for rejectUnauthorized may bypass certificate validation, allowing connections to servers with expired certificates. Root cause: incomplete validation of the tls rejectUnauthorized parameter. Affected ranges vary by release stream...
CVE-2021-22940
CVE-2021-22940 affects Node.js before 16.6.1, 14.17.5, and 12.22.5 and is a use-after-free memory corruption issue in HTTP/2 close handling that could change process behavior. Exploitation details are present in connected sources (e.g., Arch Linux advisories) indicating remediation via upgrading ...
CVE-2021-22930
CVE-2021-22930 affects Node.js before 16.6.0, 14.17.4, and 12.22.4, enabling a use-after-free in HTTP/2 close handling that could alter process behavior. Connected advisories confirm the issue and provide fixed versions: nodejs >=16.6.0, >=14.17.5, and >=12.22.5 (Arch Linux ASA-202110-5/...