![The Backend Engineering Show with Hussein Nasser artwork](https://is1-ssl.mzstatic.com/image/thumb/Podcasts113/v4/cd/d5/bb/cdd5bbe4-0e12-9615-1bd5-6f578f2e6875/mza_5436295260688338257.jpg/100x100bb.jpg)
NodeJS July 2021 Security Releases
The Backend Engineering Show with Hussein Nasser
English - July 09, 2021 00:44 - 11 minutes - 7.72 MB - ★★★★★ - 5 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Scaling CPU-intensive Backends - The Backend Engineering Show
Next Episode: Microsoft IIS as a Backend - HTTP/HTTPS Bindings
In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss.
0:00 Intro
1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash
3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation
7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)
Resources
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
https://hackerone.com/reports/1211160