In this video I go through the NodeJS security releases for July 2021. There are lots of interesting vulnerabilities to discuss.

  • 0:00 Intro
  • 1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash
  • 3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation
  • 7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)

Resources
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
https://hackerone.com/reports/1211160
https://snyk.io/vuln/SNYK-JS-SSRI-1085630

Stay Awesome,
Hussein

#node #nodejs

One Regular Expression Can Crash NodeJS