FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Node.js -- August 2021 Security Releases (2)

Affected packages
node14 < 14.17.6

Details

VuXML ID 7062bce0-1b17-11ec-9d9d-0022489ad614
Discovery 2021-08-31
Entry 2021-09-21

Node.js reports:

npm 6 update - node-tar, arborist, npm cli modules

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

References

CVE Name CVE-2021-32803
CVE Name CVE-2021-32804
CVE Name CVE-2021-37701
CVE Name CVE-2021-37712
CVE Name CVE-2021-37713
CVE Name CVE-2021-39134
CVE Name CVE-2021-39135
URL https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/