CVE-2021-39131: Improper Handling of Exceptional Conditions

August 17, 2021 (updated November 7, 2023)

ced detects character encoding using Google’s compact_enc_det library. In ced, passing data types other than Buffer causes the Node.js process to crash. As a workaround, before passing an argument to ced, verify it’s a Buffer using Buffer.isBuffer(obj).

References

nvd.nist.gov/vuln/detail/CVE-2021-39131

Detect and mitigate CVE-2021-39131 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →