BIT-node-2021-22940

BIT-node-2021-22940 PUBLISHED CVSS 7.5 HIGH

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Bitnami	node	12.0.0, 14.0.0, 16.0.0

Exploit Intelligence

https://hackerone.com/reports/1238162 (osv)

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf url
https://hackerone.com/reports/1238162 url
https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html url
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ url
https://security.gentoo.org/glsa/202401-02 url
https://security.netapp.com/advisory/ntap-20210923-0001/ url
https://www.oracle.com/security-alerts/cpujan2022.html url
https://www.oracle.com/security-alerts/cpujul2022.html url
https://www.oracle.com/security-alerts/cpuoct2021.html url
https://nvd.nist.gov/vuln/detail/CVE-2021-22940 url

Open in Interactive Console →