Lightweight interpreted or JIT-compiled programming language with first-class functions
Developers of Node.js recently released new security update. Update is important and they strongly recommend to upgrade Node.js's ASAP.
All non-updated versions of v4.x through to v8.x inclusive are vulnerable to an issue that can be used by an external hacker. The severity of this vulnerability is high and users of the affected versions should update their Node.js's as soon as possible.
More info on the Node versions released today which all include a fix for a high severity security vulnerability: https://t.co/Jek6bOCEFg
List of non-updated vulnerable versions:
- Versions 4.x of Node.js
- Versions 6.x of Node.js
- Versions 7.x of Node.js
- Versions 8.x of Node.js
Additionally, developers had provided the list of Node.js-specific security flaws. Among them:
- Constant Hashtable Seeds (CVE pending)
- Vulnerabilities in dependencies
According to the official website, updates are now available for all active Node.js release lines, including 7.x line. They include the fix for the high severity vulnerability, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fixes for Node.js dependencies across the current release lines.