First published: Thu Jul 29 2021
A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-nodejs14-nodejs | <0:14.17.5-1.el7 | 0:14.17.5-1.el7 |
redhat/rh-nodejs12-nodejs | <0:12.22.5-1.el7 | 0:12.22.5-1.el7 |
redhat/rh-nodejs12-nodejs-nodemon | <0:2.0.3-5.el7 | 0:2.0.3-5.el7 |
redhat/nodejs | <12.22.4 | 12.22.4 |
redhat/nodejs | <14.17.4 | 14.17.4 |
redhat/nodejs | <16.6.0 | 16.6.0 |
Nodejs Node.js | >=12.0.0 <12.22.4 | |
Nodejs Node.js | >=14.0.0 <14.17.4 | |
Nodejs Node.js | >=16.0.0 <16.6.0 | |
Netapp Nextgen Api | | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
Debian Debian Linux | =10.0 | |
CVE-2021-22930 is a vulnerability in Node.js that allows for a use-after-free attack, leading to memory corruption and a change in process behavior.
CVE-2021-22930 has a severity rating of critical, with a severity value of 9.
Versions before Node.js 16.6.0, 14.17.4, and 12.22.4 are affected by CVE-2021-22930.
To fix CVE-2021-22930, update to Node.js versions 16.6.0, 14.17.4, or 12.22.4.
A use-after-free attack is a type of memory corruption attack where an attacker manipulates object references after they have been freed, leading to unintended behavior and potential exploitation.
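A check of a Node.js version string against the upstream ranges in the table above, as an added example that is not part of the original advisory. The function names and status labels are hypothetical, Red Hat package versions such as `0:14.17.5-1.el7` are out of scope, and treating a pre-release of a fixed version as still affected is a conservative assumption.

```javascript
// Upstream Node.js ranges from the advisory table: affected from `from`
// (inclusive) up to `fixed` (exclusive).
const AFFECTED_RANGES = [
  { from: "12.0.0", fixed: "12.22.4" },
  { from: "14.0.0", fixed: "14.17.4" },
  { from: "16.0.0", fixed: "16.6.0" },
];

// Accepts "v14.17.3", "14.17.3", "16.6.0-rc.1" or "16.6.0+build".
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(
    String(text).trim()
  );
  if (!m) throw new TypeError(`unrecognised Node.js version: ${text}`);
  return { core: [m[1], m[2], m[3]].map(Number), prerelease: Boolean(m[4]) };
}

// Numeric comparison of [major, minor, patch]; returns -1, 0 or 1.
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns status "affected", "fixed" or "not-listed" plus the fixed version.
function checkNodeVersion(text) {
  const v = parseVersion(text);
  for (const range of AFFECTED_RANGES) {
    const from = parseVersion(range.from).core;
    const fixed = parseVersion(range.fixed).core;
    if (v.core[0] !== fixed[0]) continue; // different release line
    const cmp = compareCore(v.core, fixed);
    // Assumption: a pre-release of the fixed version is treated as not yet fixed.
    const belowFixed = cmp < 0 || (cmp === 0 && v.prerelease);
    if (compareCore(v.core, from) >= 0 && belowFixed) {
      return { status: "affected", fixedIn: range.fixed };
    }
    return { status: "fixed", fixedIn: range.fixed };
  }
  // Release lines the advisory does not list (e.g. 15.x) are reported as such,
  // not as safe.
  return { status: "not-listed", fixedIn: null };
}

// Check the runtime executing this script.
console.log(process.version, checkNodeVersion(process.version));
```

A `not-listed` result means the table carries no row for that release line, so it needs a separate look rather than being read as unaffected.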