VulnerableCode Package Details - pkg:alpm/archlinux/nodejs@16.6.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2bdt-6ufr-aaam	Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.	CVE-2021-22931
VCID-8d4c-zm4a-aaaj	If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.	CVE-2021-22939
VCID-q6sa-wzzu-aaam	Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.	CVE-2021-22940

Vulnerability

Summary

Aliases

VCID-2bdt-6ufr-aaam

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

CVE-2021-22931

VCID-8d4c-zm4a-aaaj

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

CVE-2021-22939

VCID-q6sa-wzzu-aaam

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVE-2021-22940

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:30.801504+00:00	Arch Linux Importer	Fixing	VCID-2bdt-6ufr-aaam	https://security.archlinux.org/AVG-2286	36.0.0
2025-03-28T07:45:30.782864+00:00	Arch Linux Importer	Fixing	VCID-8d4c-zm4a-aaaj	https://security.archlinux.org/AVG-2283	36.0.0
2025-03-28T07:45:30.764110+00:00	Arch Linux Importer	Fixing	VCID-q6sa-wzzu-aaam	https://security.archlinux.org/AVG-2283	36.0.0
2024-09-18T02:00:27.422071+00:00	Arch Linux Importer	Fixing	VCID-2bdt-6ufr-aaam	https://security.archlinux.org/AVG-2286	34.0.1
2024-09-18T02:00:27.390554+00:00	Arch Linux Importer	Fixing	VCID-8d4c-zm4a-aaaj	https://security.archlinux.org/AVG-2283	34.0.1
2024-09-18T02:00:27.368798+00:00	Arch Linux Importer	Fixing	VCID-q6sa-wzzu-aaam	https://security.archlinux.org/AVG-2283	34.0.1
2024-01-03T22:26:43.378771+00:00	Arch Linux Importer	Fixing	VCID-2bdt-6ufr-aaam	https://security.archlinux.org/AVG-2286	34.0.0rc1
2024-01-03T22:26:43.352814+00:00	Arch Linux Importer	Fixing	VCID-8d4c-zm4a-aaaj	https://security.archlinux.org/AVG-2283	34.0.0rc1
2024-01-03T22:26:43.329753+00:00	Arch Linux Importer	Fixing	VCID-q6sa-wzzu-aaam	https://security.archlinux.org/AVG-2283	34.0.0rc1