NodeJS July 2021 Security Releases
The Backend Engineering Show with Hussein Nasser
English - July 09, 2021 00:44 - 11 minutes - 7.72 MB - ★★★★★ - 5 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Scaling CPU-intensive Backends - The Backend Engineering Show
Next Episode: Microsoft IIS as a Backend - HTTP/HTTPS Bindings
In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss.
0:00 Intro
1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash
3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation
7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)
Resources
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
https://hackerone.com/reports/1211160