package: src:nodejs
severity: important
tags: security


the following vulnerability was published for nodejs.

| Eval injection vulnerability in index.js in the syntax-error package
| before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application
| Developer and other products, allows remote attackers to execute
| arbitrary code via a crafted file.

The advisories seem to indicate that this is fixed in the development
version 0.11, but I haven't checked that.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.

Pkg-javascript-devel mailing list

Reply via email to