FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Node.js -- July 2021 Security Releases (2)

Affected packages
node14 < 14.17.4
node < 16.6.0

Details

VuXML ID f53dab71-1b15-11ec-9d9d-0022489ad614
Discovery 2021-07-29
Entry 2021-09-21

Node.js reports:

Use after free on close http2 on stream canceling (High) (CVE-2021-22930)

Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

References

CVE Name CVE-2021-22930
URL https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/