OESA-2025-1235

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1235
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1235.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1235
Upstream
Published
2025-03-07T15:26:43Z
Modified
2025-08-12T05:49:16.761796Z
Summary
nodejs security update
Details

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

Security Fix(es):

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.

This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.(CVE-2025-23083)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS / nodejs

Package

Name
nodejs
Purl
pkg:rpm/openEuler/nodejs&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.18.2-1.oe2403

Ecosystem specific 

{
    "aarch64": [
        "nodejs-20.18.2-1.oe2403.aarch64.rpm",
        "nodejs-debuginfo-20.18.2-1.oe2403.aarch64.rpm",
        "nodejs-debugsource-20.18.2-1.oe2403.aarch64.rpm",
        "nodejs-devel-20.18.2-1.oe2403.aarch64.rpm",
        "nodejs-full-i18n-20.18.2-1.oe2403.aarch64.rpm",
        "nodejs-libs-20.18.2-1.oe2403.aarch64.rpm",
        "npm-10.8.2-1.20.18.2.1.oe2403.aarch64.rpm",
        "v8-devel-11.3.244.8-1.20.18.2.1.oe2403.aarch64.rpm"
    ],
    "noarch": [
        "nodejs-docs-20.18.2-1.oe2403.noarch.rpm"
    ],
    "x86_64": [
        "nodejs-20.18.2-1.oe2403.x86_64.rpm",
        "nodejs-debuginfo-20.18.2-1.oe2403.x86_64.rpm",
        "nodejs-debugsource-20.18.2-1.oe2403.x86_64.rpm",
        "nodejs-devel-20.18.2-1.oe2403.x86_64.rpm",
        "nodejs-full-i18n-20.18.2-1.oe2403.x86_64.rpm",
        "nodejs-libs-20.18.2-1.oe2403.x86_64.rpm",
        "npm-10.8.2-1.20.18.2.1.oe2403.x86_64.rpm",
        "v8-devel-11.3.244.8-1.20.18.2.1.oe2403.x86_64.rpm"
    ],
    "src": [
        "nodejs-20.18.2-1.oe2403.src.rpm"
    ]
}