What the vulnerability does

01Description

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Key dates

02Disclosure timeline

August 16, 2021 CVE published
April 30, 2025 Record updated