CVE-2021-22930

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*

History

03 Dec 2021, 02:55

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211112-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211112-0002/ - Third Party Advisory

12 Nov 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211112-0002/ -

18 Oct 2021, 17:15

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 7.5
v2 : 7.5
v3 : 9.8

15 Oct 2021, 01:30

Type Values Removed Values Added
CPE cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
References (MISC) https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ - (MISC) https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ - Patch, Vendor Advisory
References (MISC) https://hackerone.com/reports/1238162 - (MISC) https://hackerone.com/reports/1238162 - Permissions Required, Third Party Advisory
CWE CWE-416
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

07 Oct 2021, 14:20

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-07 14:15

Updated : 2021-12-03 02:55


NVD link : CVE-2021-22930

Mitre link : CVE-2021-22930


JSON object : View

Products Affected

netapp

  • nextgen_api

nodejs

  • node.js
CWE
CWE-416

Use After Free