CVE-2021-22940

Published: Aug 16, 2021

Modified: Apr 30, 2025

PUBLISHED

Description

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Vendor	Product	Versions
NodeJS	Node	affected `4.0 - < 4.` affected `5.0 - < 5.` affected `6.0 - < 6.` affected `7.0 - < 7.` affected `8.0 - < 8.*` +8 more versions

Weaknesses (CWE)

CWE-416

References

https://hackerone.com/reports/1238162

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20210923-0001/

https://www.oracle.com/security-alerts/cpujan2022.html

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

https://www.oracle.com/security-alerts/cpujul2022.html

[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update

mailing-list

GLSA-202401-02

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-22940

Description

Affected Products

Weaknesses (CWE)

References