Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-22940

Published: 16/08/2021 Updated: 05/01/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Node.js

Vulnerability Summary

Node.js prior to 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nodejs node.js

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle graalvm 20.3.3

oracle graalvm 21.2.0

oracle jd edwards enterpriseone tools

netapp nextgen api -

siemens sinec infrastructure network services

debian debian linux 10.0

Vendor Advisories

Red Hat: CVE-2021-22940
No description is available for this CVE ...
Arch Linux Issues:
Nodejs before versions 1662, 14175 and 12225 is vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior The issue is a follow on to CVE-2021-22930 as the issue was not completely resolved in the fix for CVE-2021-22930 ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy

References

CWE-416https://hackerone.com/reports/1238162https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/https://security.netapp.com/advisory/ntap-20210923-0001/https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://lists.debian.org/debian-lts-announce/2022/10/msg00006.htmlhttps://security.gentoo.org/glsa/202401-02https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-22940https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook