CVE-2021-22930
In short
Node.js versions before 16.6.0, 14.17.4, and 12.22.4 have a memory bug that allows attackers to access memory that has been freed, potentially allowing them to alter how the application behaves.
Technical detail
This is a use-after-free vulnerability (CWE-416) in Node.js where freed memory is accessed, enabling memory corruption. An attacker can exploit this to modify process behavior, though the attack requires specific conditions and the impact depends on the application context.
Summary generated and translated by AI from the official description.
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Affected products
NodeJS · Node
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://hackerone.com/reports/1238162
https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
https://security.gentoo.org/glsa/202401-02
https://security.netapp.com/advisory/ntap-20211112-0002/