The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowExce ...

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

ELSA-2025-8514: nodejs:20 security update (IMPORTANT)

ELSA-2025-8506: nodejs:22 security update (IMPORTANT)

ELSA-2025-8468: nodejs:20 security update (IMPORTANT)

ELSA-2025-8467: nodejs:22 security update (IMPORTANT)

Security update for nodejs22

Security update for nodejs22

ELSA-2025-8493: nodejs22 security update (IMPORTANT)

Security update for nodejs20

Security update for nodejs20