Added CVE-2024-22019 Node.JS vulnerability warning.

2024-03-13 03:00:56 +01:00 · 2024-03-13 03:00:56 +01:00 · e638c5dc1a
commit e638c5dc1a
parent 1e165dcc58
1 changed files with 1 additions and 0 deletions
--- a/svr.js
+++ b/svr.js
@ -5042,6 +5042,7 @@ function start(init) {
      if (cluster.isPrimary === undefined) serverconsole.locwarnmessage("You're running SVR.JS on single thread. Reliability may suffer, as the server is stopped after crash.");
      if (crypto.__disabled__ !== undefined) serverconsole.locwarnmessage("Your Node.JS version doesn't have crypto support! The 'crypto' module is essential for providing cryptographic functionality in Node.JS. Without crypto support, certain security features may be unavailable, and some functionality may not work as expected. It's recommended to use a Node.JS version that includes crypto support to ensure the security and proper functioning of your server.");
      if (crypto.__disabled__ === undefined && !crypto.scrypt) serverconsole.locwarnmessage("Your JavaScript runtime doesn't have native scrypt support. HTTP authentication involving scrypt hashes will not work.");
+      if (!process.isBun && /^v(?:[0-9]\.|1[0-7]\.|18\.(?:[0-9]|1[0-8])\.|18\.19\.0|20\.(?:[0-9]|10)\.|20\.11\.0|21\.[0-5]\.|21\.6\.0|21\.6\.1(?![0-9]))/.test(process.version)) serverconsole.locwarnmessage("Your Node.JS version is vulnerable to HTTP server DoS vulnerability (CVE-2024-22019).");
      if (process.getuid && process.getuid() == 0) serverconsole.locwarnmessage("You're running SVR.JS as root. It's recommended to run SVR.JS as an non-root user. Running SVR.JS as root may increase the risks of OS command execution vulnerabilities.");
      if (secure && process.versions && process.versions.openssl && process.versions.openssl.substr(0, 2) == "1.") {
        if (new Date() > new Date("11 September 2023")) {