The Node.js runtimes: v10.23.1, v12.20.1, and v14.15.4 contain a fix for an OpenSSL security vulnerability (CVE-2020-1971).
OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference which impacts all 10.x, 12.x, and 14.x runtimes.
These runtimes (v10.23.1, v12.20.1, v14.15.4) are not yet included in the Node.js buildpack. However, the user can specify these runtimes in their package.json to download the required runtime. For example:
The buildpack does not support semver when downloading runtimes and a specific version must be specified.