« List of all CVEs

CVE-2021-22930

Published: 10/7/2021 Last updated: 4/30/2025 Reserved: 1/6/2021

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CNA assigner: hackerone (36234546-b8fa-4601-9d6f-f4e334aa8ea1) Requested by: n/a

Opam packages affected (1)

conf-npm

Products affected (2)

Product Vendor Version
Node NodeJS <= 6.11.*
Node NodeJS HW 3.8

References (24)