NodeJS July 2021 Security Releases

11:14
 
Share
 

Manage episode 297043087 series 1954062
By Hussein Nasser. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss.

0:00 Intro

1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash

3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation

7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)

Resources

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

https://hackerone.com/reports/1211160

https://snyk.io/vuln/SNYK-JS-SSRI-1085630

--- Send in a voice message: https://anchor.fm/hnasr/message Support this podcast: https://anchor.fm/hnasr/support

409 episodes