FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a9c5e89d-2d15-11ec-8363-0022489ad614Node.js -- October 2021 Security Releases

Node.js reports:

HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)

The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).

HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)

The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.


Discovery 2021-10-12
Entry 2021-10-14
node
lt 16.11.1

node14
lt 14.18.1

CVE-2021-22959
CVE-2021-22960
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
7062bce0-1b17-11ec-9d9d-0022489ad614Node.js -- August 2021 Security Releases (2)

Node.js reports:

npm 6 update - node-tar, arborist, npm cli modules

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.


Discovery 2021-08-31
Entry 2021-09-21
node14
lt 14.17.6

CVE-2021-32803
CVE-2021-32804
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-39134
CVE-2021-39135
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/