Node.js is facing two security vulnerabilities, including a potentially major denial-of-service issue, with patches for the problems not available for a week. Releases of Node.js ranging from 0.12 to version 5 are vulnerable to one or both issues.
A bulletin issued today by the Node.js Foundation, which has jurisdiction over the popular server-side JavaScript platform, covers “a high-impact denial-of-service vulnerability” and a “low-impact V8 out-of-bounds access vulnerability.” V8 is the Google-developed JavaScript engine leveraged by Node.js. Officially, the DoS issue is labeled as CVE (Common Vulnerabilities and Exposures) 2015-8027, while the access problem is identified as CVE-2015-6764.
To read this article in full or to leave a comment, please click here