Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in the installation directory. Under certain conditions. An attacker could exploit this vulnerability to perform PATH and DLL hijacking attacks
Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuv’s uv__idna_toascii() function. By invoking the function using the DNS module’s lookup() function, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
Upgrade to the latest version of Node.js (12.22.2, 14.17.2, or 16.4.1 or later), available from the Node.js Web site. https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/