Add "IMPORTANT! Update Node.JS to 18.20.4, 20.15.1, 22.4.1 or newer!" post.

2024-07-08 22:16:22 +02:00 · 2024-07-08 22:16:22 +02:00 · d3d8f8febc
commit d3d8f8febc
parent eceacb8ccd
2 changed files with 23 additions and 0 deletions
--- a/source/_posts/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.md
+++ b/source/_posts/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.md
@ -0,0 +1,23 @@
+---
+title: IMPORTANT! Update Node.JS to 18.20.4, 20.15.1, 22.4.1 or newer!
+date: 2024-07-08 21:04:03
+tags:
+ - cybersecurity
+ - node.js
+category: Notices
+thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.png
+---
+
+**IMPORTANT! Update Node.JS to 18.20.4, 20.15.1, 22.4.1 or newer!**
+
+Older versions of Node.JS had a [CVE-2024-22020 vulnerability](https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium), which involves embedding network imports in `data:` URLs to execute arbitrary code.
+
+The original vulnerability description (from Node.JS blog):
+
+_A security flaw in Node.js allows a bypass of network import restrictions._
+
+_By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security._
+
+_Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports._
+
+_Exploiting this flaw can violate network import security, posing a risk to developers and servers._
--- a/source/images/covers/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.png
+++ b/source/images/covers/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.png