Nodejs Node.js 15.14.0

CPE Details

Nodejs Node.js 15.14.0
15.14.0
2021-04-14
18h07 +00:00
2021-05-21
13h40 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nodejs:node.js:15.14.0:*:*:*:-:*:*:*

Informations

Vendor

nodejs

Product

node.js

Version

15.14.0

Software Edition

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-35255 2022-12-04 23h00 +00:00 A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
9.1
Critical
CVE-2022-36046 2022-08-31 16h55 +00:00 Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.
5.3
Medium
CVE-2021-43803 2021-12-09 22h50 +00:00 Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.
7.5
High