Security Release for N|Solid Version 4.5.2
This is a security release for Node.js and includes fixes for three high severity issues.
Vulnerabilities fixed in Node.js
Updates are now available for v10,x, v12.x, v14.x and v15.x Node.js release lines for the following vulnerabilities in Node.js:
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High - CVE-2021-3450) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
- OpenSSL - NULL pointer deref in signature_algorithms processing (High - CVE-2021-3449) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
- npm upgrade - Update y18n to fix Prototype-Pollution (High - CVE-2020-7774) This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Additional References
For details about the Node.js security releases and corresponding vulnerabilities, please refer to the links below: