Date: Fri, 09 Jul 2021 00:44:25 GMT
<p>In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss.</p> <p>0:00 Intro</p> <p>1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash</p> <p>3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation</p> <p>7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)</p> <p>Resources</p> <p>https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/</p> <p>https://hackerone.com/reports/1211160</p> <p><a href="https://snyk.io/vuln/SNYK-JS-SSRI-1085630">https://snyk.io/vuln/SNYK-JS-SSRI-1085630</a></p>