{"id":"ALPINE-CVE-2021-37713","details":"The npm package \"tar\" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\\path`. If the drive letter does not match the extraction target, for example `D:\\extraction\\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.","modified":"2025-12-03T22:48:49.537838Z","published":"2021-08-31T17:15:08.087Z","upstream":["CVE-2021-37713"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2021-37713"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Alpine:v3.11","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.22.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.15.0-r0","12.15.0-r1","12.20.1-r0","12.21.0-r0","12.22.1-r0","12.22.2-r0","12.22.4-r0","12.22.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.12","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.22.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","12.20.1-r0","12.21.0-r0","12.22.1-r0","12.22.2-r0","12.22.4-r0","12.22.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.1-r0","14.16.1-r1","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.2-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.2-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.2-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.2-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.2-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"versions":["10.13.0-r0","10.14.0-r0","10.14.1-r0","10.14.2-r0","10.15.1-r0","10.15.3-r0","10.16.0-r0","10.16.1-r0","10.16.2-r0","10.16.3-r0","12.13.0-r0","12.13.0-r1","12.13.1-r0","12.14.0-r0","12.14.1-r0","12.15.0-r0","12.15.0-r1","12.15.0-r2","12.16.2-r0","12.16.3-r0","12.16.3-r1","12.17.0-r0","12.18.0-r0","12.18.0-r1","12.18.0-r2","12.18.2-r0","12.18.3-r0","12.18.4-r0","12.19.0-r0","14.15.1-r0","14.15.3-r0","14.15.3-r1","14.15.3-r2","14.15.4-r0","14.15.5-r0","14.16.0-r0","14.16.0-r1","14.16.1-r0","14.16.1-r1","14.16.1-r2","14.17.0-r0","14.17.1-r0","14.17.2-r0","14.17.3-r0","14.17.4-r0","14.17.5-r0","4.4.3-r0","4.4.4-r0","4.4.5-r0","4.4.7-r0","4.5.0-r0","6.10.0-r0","6.10.1-r0","6.10.3-r0","6.11.0-r0","6.11.1-r0","6.11.1-r1","6.11.1-r2","6.11.2-r0","6.11.3-r0","6.11.4-r0","6.11.5-r0","6.9.1-r0","6.9.1-r1","6.9.2-r0","6.9.4-r0","6.9.4-r1","6.9.5-r0","6.9.5-r1","8.10.0-r0","8.11.0-r0","8.11.0-r1","8.11.1-r0","8.11.1-r1","8.11.1-r2","8.11.2-r0","8.11.3-r0","8.11.3-r1","8.11.3-r2","8.11.3-r3","8.11.4-r0","8.12.0-r0","8.9.0-r0","8.9.1-r0","8.9.2-r0","8.9.3-r0","8.9.3-r1","8.9.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}},{"package":{"name":"nodejs","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/nodejs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.17.6-r0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-37713.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}