Read Time:20 Second
FEDORA-2024-8d548b8c96
Packages in this update:
nodejs18-18.20.2-1.fc39
Update description:
2024-04-10, Version 18.20.2 ‘Hydrogen’ (LTS), @RafaelGSS
This is a security release.
Notable Changes
CVE-2024-27980 – Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits
[6627222409] – src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564