Date | Version | Description | Signature |
---|---|---|---|
2025-01-31 12:30:56 | 22.13.1 | New major LTS version | |
2024-10-17 11:30:24 | 20.18.0 | Due to the high number of RCE vulnerabilities, Node.js is considered insecure and is not recommended for production use.
The suggested alternative is the pure V8 engine without node/npm.
* CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
* CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
* CVE-2024-22018 - fs.lstat bypasses permission model (Low)
* CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
* CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation (Medium)
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding (Medium)
| |
2023-10-24 11:02:04 | 20.8.1 | New major LTS.
Security: Node doesn't support removing Http2 support (Medium)
CVE-2023-44487: nghttp2 Security Release (High)
CVE-2023-45143: undici Security Release (High)
CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
CVE-2023-39331: Permission model improperly protects against path traversal (High)
CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
CVE-2023-39333: Code injection via WebAssembly export names (Low)
| |
2023-09-18 14:53:05 | 18.17.1 | security updates | |
2022-11-28 14:26:47 | 18.12.1 | | |
2022-03-16 16:17:12 | 16.14.1 | | |
2020-06-10 10:03:53 | 12.18.0 | | |
2018-11-27 10:44:02 | 10.13.0 | | |
2017-12-22 13:05:15 | 8.9.3 | | |
2016-10-23 09:31:36 | 4.6.1 | | |