Read Time:20 Second

FEDORA-2024-2c52524694

Packages in this update:

nodejs18-18.20.2-1.fc40

Update description:

2024-04-10, Version 18.20.2 ‘Hydrogen’ (LTS), @RafaelGSS

This is a security release.

Notable Changes

CVE-2024-27980 – Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

[6627222409] – src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

Read More