Node.js has released updates for a high-severity vulnerability that could be exploited by attackers. The use-after-free vulnerability, tracked as CVE-2021-22930, concerns how HTTP2 streams are handled in the runtime. It can lead to unexpected behavior such as application crashes, or even remote code execution (RCE) in some cases. The fixes landed in the latest release, 16.6.0, and were also backported to versions 12.22.4 (LTS) and 14.17.4.
Source: https://www.bleepingcomputer.com/news/security/nodejs-fixes-severe-http-bug-that-could-let-attackers-crash-apps/
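
As an added example (not code from the article or from the Node.js project), the following JavaScript classifies Node.js version strings against the fixed releases named above. The `classify` and `audit` helpers and the host inventory are constructed for illustration, and treating release lines newer than 16 as patched is an assumption.

```javascript
// Fixed releases per release line, as named in the article.
const FIXED = { 12: [12, 22, 4], 14: [14, 17, 4], 16: [16, 6, 0] };

// Parse "v16.5.0", "16.5.0" or "v16.6.0-nightly..." into numeric parts.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(raw).trim());
  if (!m) return null;
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// Numeric comparison, so 12.9.1 sorts before 12.22.4 (string comparison would not).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: returns 'patched' | 'unpatched' | 'unknown' | 'unparseable'.
function classify(raw) {
  const v = parseVersion(raw);
  if (!v) return 'unparseable';
  const major = v.parts[0];
  // Assumption: release lines newer than 16 were cut after the fix landed.
  if (major > 16) return 'patched';
  const fixed = FIXED[major];
  // The article names no fixed release for any other line.
  if (!fixed) return 'unknown';
  const order = compare(v.parts, fixed);
  if (order < 0) return 'unpatched';
  // A pre-release build of the fixed version may predate the fix.
  if (order === 0 && v.prerelease) return 'unknown';
  return 'patched';
}

// Constructed inventory of hosts and the Node.js version each reports.
const INVENTORY = [
  { host: 'api-1', node: 'v16.5.0' },
  { host: 'api-2', node: 'v16.6.0' },
  { host: 'batch-1', node: 'v14.17.4' },
  { host: 'legacy-1', node: 'v12.9.1' },
  { host: 'edge-1', node: 'v15.14.0' },
];

function audit(inventory) {
  return inventory.map((h) => ({ ...h, status: classify(h.node) }));
}

console.table(audit(INVENTORY));
console.log('this runtime:', process.version, classify(process.version));
```

Hosts reported as `unknown` run a release line for which the article lists no fixed version, so they need a manual decision.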

