Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Fedora 40: FEDORA-2024-2c52524694 Critical: Node.js Command Injection

fedora
Calendar Grey April 19, 2024
Dist Fedora Esm H88
Node.js version 18.20.2 has been released to address vulnerabilities related to command injection. Ensure your Fedora 40 system is updated promptly to protect against potential security risks.
2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows Commits [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

Change Log

* Wed Apr 10 2024 Stephen Gallagher - 1:18.20.2-1 - Update to 18.20.2 * Tue Apr 9 2024 Stephen Gallagher - 1:18.20.1-1 - Update to 18.20.1

References

Fedora Update Notification FEDORA-2024-2c52524694 2024-04-19 21:20:20.799362 Name : nodejs18 Product : Fedora 40 Version : 18.20.2 Release : 1.fc40 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.}

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2c52524694' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nodejs18
Product: Fedora 40
Version: 18.20.2
Release: 1.fc40
Summary: JavaScript runtime

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.