the following vulnerability was published for nodejs.
| Eval injection vulnerability in index.js in the syntax-error package
| before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application
| Developer and other products, allows remote attackers to execute
| arbitrary code via a crafted file.
The advisories seem to indicate that this is fixed in the development
version 0.11, but I haven't checked that.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.