En

Node.js官网安全更新(2021-04-06)

来源:Node.js官网 发布日期:2021-04-06 阅读次数:5441 评论:0

基本信息

发布日期:2021-04-06(官方当地时间)

更新类型:安全更新

更新版本:未知

感知时间:2021-04-07 04:54:45

风险等级:未知

情报贡献:TSRC

更新标题

Node v14.16.1 (LTS)

更新详情


Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines




CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines




CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines




Read more...

软件描述

Node.js 是一个基于 Chrome V8 引擎的 JavaScript 运行环境。

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入