This content originally appeared on Node.js Blog and was authored by Daniel Bevenius
(Update 6-Apr-2021) Security releases available
Updates are now available for v10,x, v12.x, v14.x and v15.x Node.js release lines for the following issues.
OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
- All versions of the 14.x, 12.x and 10.x releases lines
Downloads and release details
This content originally appeared on Node.js Blog and was authored by Daniel Bevenius
Daniel Bevenius | Sciencx (2021-03-31T16:00:00+00:00) April 2021 Security Releases. Retrieved from https://www.scien.cx/2021/03/31/april-2021-security-releases/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.