svrjs/svrjs-blog
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions
This repository has been archived on 2024-09-12. You can view files and clone it, but cannot push or open issues or pull requests.
svrjs-blog/source/_posts/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.md

23 lines
1.1 KiB
Markdown
Raw Blame History

---
title: IMPORTANT! Update Node.JS to 18.20.4, 20.15.1, 22.4.1 or newer!
date: 2024-07-08 21:04:03
tags:
- cybersecurity
- node.js
category: Notices
thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-20-4-20-15-1-22-4-1-or-newer.png
---
**IMPORTANT! Update Node.JS to 18.20.4, 20.15.1, 22.4.1 or newer!**
Older versions of Node.JS had a [CVE-2024-22020 vulnerability](https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium), which involves embedding network imports in `data:` URLs to execute arbitrary code.
The original vulnerability description (from Node.JS blog):
_A security flaw in Node.js allows a bypass of network import restrictions._
_By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security._
_Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports._
_Exploiting this flaw can violate network import security, posing a risk to developers and servers._
Reference in a new issue View git blame Copy permalink