back to article Node.js sysadmins, get ready to patch

Sysadmins: within around the next 24 to 48 hours, watch out for an upcoming update to node.js to cover off a couple of vulnerabilities. The most serious, CVE-2015-8027, is a remotely-exploitable denial-of-service (DoS) bug that the node.js Foundation is keeping embargoed until the patch is issued. The DoS bug affects all …

  1. caffeine addict

    I've never played with node.js, but I'd have guessed that saying "we introduced it in this version, and it's still there" would make it relatively easy to track down, shouldn't it? Even with changes along the say, git blame for current lines introduced in 0.12 is going to give you some hefty pointers, no?

  2. trenchfoot
    Facepalm

    "Mikeal Rogers told Infoworld there are so far no exploits for the bugs in the wild."

    erm, knows that for certain does he?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020