New Node.js Runtimes Contain a Fix for OpenSSL Vulnerability

less than a min read

The Node.js runtimes: v10.23.1, v12.20.1, and v14.15.4 contain a fix for an OpenSSL security vulnerability (CVE-2020-1971).

OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference which impacts all 10.x, 12.x, and 14.x runtimes. 

These runtimes (v10.23.1, v12.20.1, v14.15.4) are not yet included in the Node.js buildpack. However, the user can specify these runtimes in their package.json to download the required runtime.  For example: 

"engines": {
     "node": "12.20.1"
}

The buildpack does not support semver when downloading runtimes and a specific version must be specified.  

Learn more

Be the first to hear about news, product updates, and innovation from IBM Cloud