NodeJS July 2021 Security Releases - podcast episode cover

NodeJS July 2021 Security Releases

The Backend Engineering Show with Hussein Nasser
Jul 09, 202111 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss.

0:00 Intro

1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash

3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation

7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)

Resources

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

https://hackerone.com/reports/1211160

https://snyk.io/vuln/SNYK-JS-SSRI-1085630

For the best experience, listen in Metacast app for iOS or Android