FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a9c5e89d-2d15-11ec-8363-0022489ad614	Node.js -- October 2021 Security Releases Node.js reports: HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959) The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960) The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. Discovery 2021-10-12 Entry 2021-10-14 node < 16.11.1 node14 < 14.18.1 CVE-2021-22959 CVE-2021-22960 https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
7062bce0-1b17-11ec-9d9d-0022489ad614	Node.js -- August 2021 Security Releases (2) Node.js reports: npm 6 update - node-tar, arborist, npm cli modules These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist. Discovery 2021-08-31 Entry 2021-09-21 node14 < 14.17.6 CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/

VuXML ID

Description

a9c5e89d-2d15-11ec-8363-0022489ad614

Node.js -- October 2021 Security Releases

Node.js reports:

HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)

The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).

HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)

The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

Discovery 2021-10-12
Entry 2021-10-14
node

< 16.11.1

node14

< 14.18.1

CVE-2021-22959
CVE-2021-22960
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/

7062bce0-1b17-11ec-9d9d-0022489ad614

Node.js -- August 2021 Security Releases (2)

Node.js reports:

npm 6 update - node-tar, arborist, npm cli modules

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

Discovery 2021-08-31
Entry 2021-09-21
node14

< 14.17.6

CVE-2021-32803
CVE-2021-32804
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-39134
CVE-2021-39135
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/