Source: nodejs Version: 12.22.7~dfsg-2 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 12.22.5~dfsg-2~11u1
Hi, The following vulnerabilities were published for nodejs. CVE-2021-44531[0]: | Improper handling of URI Subject Alternative Names CVE-2021-44532[1]: | Certificate Verification Bypass via String Injection CVE-2021-44533[2]: | Incorrect handling of certificate subject and issuer fields CVE-2022-21824[3]: | Prototype pollution via console.table properties If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-44531 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531 [1] https://security-tracker.debian.org/tracker/CVE-2021-44532 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532 [2] https://security-tracker.debian.org/tracker/CVE-2021-44533 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533 [3] https://security-tracker.debian.org/tracker/CVE-2022-21824 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
