CVE-2021-22930

Critical

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory…

hackerone·CWE-416·Published 2021-10-07

CVSS

9.8

EPSS

0.37

KEV

No

Exploits

0

Vendor statements (1)

security.gentoo.org

cve.orgen

178 chars

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

NVDen

178 chars

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

NVDes

227 chars

Node.js versiones anteriores a 16.6.0, 14.17.4 y 12.22.4, es vulnerable a un ataque de uso de memoria previamente liberada donde un atacante podría aprovechar una corrupción de memoria para cambiar el comportamiento del proceso

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H