Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. The issue is a follow on to CVE-2021-22930 as the issue was not completely resolved in the fix for CVE-2021-22930.
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. The issue is a follow on to CVE-2021-22930 as the issue was not completely resolved in the fix for CVE-2021-22930.
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940 https://github.com/nodejs/node/pull/39423 https://github.com/nodejs/node/pull/39622 https://github.com/nodejs/node/commit/a3c33d4ce78f74d1cf1765704af5b427aa3840a6 https://github.com/nodejs/node/commit/2008c9722fcf7591e39013691f303934b622df7b https://github.com/nodejs/node/commit/2008c9722fcf7591e39013691f303934b622df7b