VulnerableCode Package Details - pkg:alpm/archlinux/nodejs@15.5.1-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-d15h-ng65-aaab	Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.	CVE-2020-8287
VCID-r6v6-e21j-aaag	Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.	CVE-2020-8265

Vulnerability

Summary

Aliases

VCID-d15h-ng65-aaab

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

CVE-2020-8287

VCID-r6v6-e21j-aaag

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

CVE-2020-8265

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:46.685993+00:00	Arch Linux Importer	Fixing	VCID-r6v6-e21j-aaag	https://security.archlinux.org/AVG-1400	36.0.0
2025-03-28T07:45:46.665606+00:00	Arch Linux Importer	Fixing	VCID-d15h-ng65-aaab	https://security.archlinux.org/AVG-1400	36.0.0
2024-10-20T01:39:38.604790+00:00	Arch Linux Importer	Fixing	VCID-r6v6-e21j-aaag	https://security.archlinux.org/AVG-1400	34.0.2
2024-10-20T01:39:38.582062+00:00	Arch Linux Importer	Fixing	VCID-d15h-ng65-aaab	https://security.archlinux.org/AVG-1400	34.0.2
2024-09-18T02:00:47.850443+00:00	Arch Linux Importer	Fixing	VCID-r6v6-e21j-aaag	https://security.archlinux.org/AVG-1400	34.0.1
2024-09-18T02:00:47.824073+00:00	Arch Linux Importer	Fixing	VCID-d15h-ng65-aaab	https://security.archlinux.org/AVG-1400	34.0.1
2024-05-04T17:12:01.411509+00:00	Arch Linux Importer	Fixing	VCID-r6v6-e21j-aaag	https://security.archlinux.org/AVG-1400	34.0.0rc4
2024-05-04T17:12:01.389491+00:00	Arch Linux Importer	Fixing	VCID-d15h-ng65-aaab	https://security.archlinux.org/AVG-1400	34.0.0rc4
2024-01-03T22:27:05.708938+00:00	Arch Linux Importer	Fixing	VCID-r6v6-e21j-aaag	https://security.archlinux.org/AVG-1400	34.0.0rc1
2024-01-03T22:27:05.687242+00:00	Arch Linux Importer	Fixing	VCID-d15h-ng65-aaab	https://security.archlinux.org/AVG-1400	34.0.0rc1