Node.js fixes severe HTTP bug that could let attackers crash apps


Node.js has released updates for a high severity vulnerability that could be exploited by attackers to corrupt the process and cause unexpected behaviors, such as application crashes and potentially remote code execution (RCE).

The use-after-free vulnerability, tracked as CVE-2021-22930, has to do with how HTTP2 streams are handled in the language.

Node.js pushes out immediate fixes for the flaw

This week Node.js has pushed out fixes for a high severity use-after-free vulnerability, tracked as CVE-2021-22930.

Use-after-free vulnerabilities occur when a program tries to access a resource at a memory address that has been previously freed and no longer holds the resource.

This can lead to data corruption, or unexpected behaviors such as application crashes, or even remote code execution (RCE) in some cases.