diff options
author | Bradley T. Hughes <bhughes@FreeBSD.org> | 2021-09-21 20:10:07 +0000 |
---|---|---|
committer | Bradley T. Hughes <bhughes@FreeBSD.org> | 2021-09-21 20:27:13 +0000 |
commit | ba1131a59aadec6c066c0933159602dd7d036b5a (patch) | |
tree | 6682e067c9ca626f5c4f5c85424f7df44931b958 | |
parent | ea44dd1e8a65599624575c677937c41fa46624c1 (diff) | |
download | ports-ba1131a59aadec6c066c0933159602dd7d036b5a.tar.gz ports-ba1131a59aadec6c066c0933159602dd7d036b5a.zip |
security/vuxml: document Node.js August 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Sponsored by: Miles AS
-rw-r--r-- | security/vuxml/vuln-2021.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index c1e4db44a3e7..d31a3c2a7732 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,36 @@ + <vuln vid="7062bce0-1b17-11ec-9d9d-0022489ad614"> + <topic>Node.js -- August 2021 Security Releases (2)</topic> + <affects> + <package> + <name>node14</name> + <range><lt>14.17.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Node.js reports:</p> + <blockquote cite="https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/"> + <h1>npm 6 update - node-tar, arborist, npm cli modules</h1> + <p>These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-32803</cvename> + <cvename>CVE-2021-32804</cvename> + <cvename>CVE-2021-37701</cvename> + <cvename>CVE-2021-37712</cvename> + <cvename>CVE-2021-37713</cvename> + <cvename>CV#-2021-39134</cvename> + <cvename>CVE-2021-39135</cvename> + <url>https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/</url> + </references> + <dates> + <discovery>2021-08-31</discovery> + <entry>2021-09-21</entry> + </dates> + </vuln> + <vuln vid="b092bd4f-1b16-11ec-9d9d-0022489ad614"> <topic>Node.js -- August 2021 Security Releases</topic> <affects> |