Tags: noslate-project/node
2023-02-16, Version 16.19.1 'Gallium' (LTS)

This is a security release.

Notable changes:

The following CVEs are fixed in this release:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
  See GHSA-5r9g-qh6m-jxff for more information.
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
  See GHSA-r6ch-mqf9-qc9w for more information.
- OpenSSL 1.1.1t

PR-URL: https://github.com/nodejs-private/node-private/pull/390