Node.JS Product Security Update Advisory (CVE-2024-36138, CVE-2024-27980)

Jul 11 2024

Overview

An update have been released vulnerabilities in Node.js products has been announced. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-36138, CVE-2024-27980

Node.js version: ~18.20.4 (excluded)
Node.js version: ~20.15.1 (excluded)
Node.js version: ~22.4.1 (excluded)

Resolved Vulnerabilities

Arbitrary code execution vulnerability via a Command Injection vulnerability in the Node.js product on Windows (CVE-2024-36138)
Command Injection vulnerability in Windows in Node.js products (CVE-2024-27980)

Vulnerability Patches

The following Vulnerability Patches were made available in the 07/10/2024 update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-36138, CVE-2024-27980

Node.js version: 18.20.4
Node.js version: 20.15.1
Node.js version: 22.4.1

Referenced Sites

[1] Node.js Product Security Update Advisory

https://www.krcert.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71488

Node.JS Product Security Update Advisory (CVE-2024-36138, CVE-2024-27980)

Adobe Product Suite July 2024 Routine Security Update Advisory

Palo Alto Networks (Expedition, PAN-OS, Cloud NGFW, Prisma Access, Cortex XDR Agent) Family July 2024 Security Update Advisory

Tags:

Adobe Product Suite July 2024 Routine Security Update Advisory

Palo Alto Networks (Expedition, PAN-OS, Cloud NGFW, Prisma Access, Cortex XDR Agent) Family July 2024 Security Update Advisory