Moderate: nodejs:14 security, bug fix, and enhancement update

ELSA-2021-3074: nodejs:14 security, bug fix, and enhancement update (MODERATE)

ELSA-2021-3073: nodejs:12 security, bug fix, and enhancement update (MODERATE)

Security update for nodejs14

Security update for nodejs14

Security update for nodejs14

Security update for nodejs14

Security update for nodejs10

Security update for nodejs12

Security update for nodejs10

Security update for nodejs12

Security update for nodejs10

Security update for nodejs12

Security update for nodejs12

Security update for nodejs10

Moderate: nodejs:12 security, bug fix, and enhancement update

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().