Security Release for N|Solid Version 4.5.2 - NodeSource

The NodeSource Blog

You have reached the beginning of time!

Security Release for N|Solid Version 4.5.2

This is a security release for Node.js and includes fixes for three high severity issues.

Vulnerabilities fixed in Node.js

Updates are now available for v10,x, v12.x, v14.x and v15.x Node.js release lines for the following vulnerabilities in Node.js:

  • OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High - CVE-2021-3450) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • OpenSSL - NULL pointer deref in signature_algorithms processing (High - CVE-2021-3449) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
  • npm upgrade - Update y18n to fix Prototype-Pollution (High - CVE-2020-7774) This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh

Additional References

For details about the Node.js security releases and corresponding vulnerabilities, please refer to the links below:

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free