The NodeJS delivered with my AP release has a vulnerability
search cancel

The NodeJS delivered with my AP release has a vulnerability

book

Article ID: 369325

calendar_today

Updated On:

Products

Automation Point

Issue/Introduction

On our newly upgrade Automation Point Development servers running 11.7.3.1 with NodeJS 20.11.0 we are getting a new vulnerability, "Node.js Command Injection Vulnerability."   We won't be able to install NodeJS on any servers and therefore can't use the console manager.

We were able to find more information about the vulnerability on the NodeJS website.

Cause

Vulnerability that was discovered in NodeJS 

Resolution

When Automation Point is certified for a given release of NodeJS, it is certified for all versions of the same release.   Users may download a different version of the release, in this case R20, directly from the NodeJS vendor site and upgrade the node with that instead.   

Powered by Wolken Software