CVE-2021-39131

Source
https://cve.org/CVERecord?id=CVE-2021-39131
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39131.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39131
Aliases
Published
2021-08-17T23:15:07.507Z
Modified
2026-07-08T06:29:31.365983788Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

ced detects character encoding using Google’s compactencdet library. In ced v0.1.0, passing data types other than Buffer causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a Buffer using Buffer.isBuffer(obj).

References

Affected packages

Git / github.com/sonicdoe/ced

Affected ranges

Type
GIT
Repo
https://github.com/sonicdoe/ced
Events
Database specific
{
    "cpe": "cpe:2.3:a:ced_project:ced:0.1.0:*:*:*:*:node.js:*:*",
    "extracted_events": [
        {
            "introduced": "0.1.0"
        },
        {
            "last_affected": "0.1.0"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.1.0
v0.*
v0.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39131.json"