Updating Node.js
73 views
Skip to first unread message
Daniel De Jesus
May 20, 2025, 12:58:26 AM5/20/25
to Wazuh | Mailing List
Hello,
This email message contains information from Cheyenne Mountain School District 12. The information contained in this email may be confidential and is intended only for the use of the recipient named above. If you are not the intended recipient, please delete the original message without disclosing, distributing, or copying. Under the Colorado Open Records Act (CORA), all messages on this district-owned e-mail account may be subject to public disclosure.
Running Wazuh 4.11.2, on Ubuntu 20.0.4.6 . I need to update node.js as it is coming up on a vuln scan. How would that be done as it has dependency with Wazuh? Thanks in advance for your insight.
This email message contains information from Cheyenne Mountain School District 12. The information contained in this email may be confidential and is intended only for the use of the recipient named above. If you are not the intended recipient, please delete the original message without disclosing, distributing, or copying. Under the Colorado Open Records Act (CORA), all messages on this district-owned e-mail account may be subject to public disclosure.
Message has been deleted
Md. Nazmur Sakib
May 20, 2025, 1:28:38 AM5/20/25
to Wazuh | Mailing List
Hi Daniel,
We are aware of this Node.js version vulnerability.
Wazuh Dashboard is based on OpenSearch Dashboards, which defines the NodeJS version.
You can read this document to learn more:
https://github.com/wazuh/wazuh-dashboard/issues/523
Based on the opensearch repository, this is still pending
This upgrade addresses issues like current detected vulnerabilities, as Node.js 20.18.1 includes fixes for vulnerabilities present in 20.0.4.6 (the version flagged by your vulnerability scanner).
Patching by yourself is not a viable option because it could introduce compatibility issues. I would advise you to follow up with the OpenSearch community.
Let me know if you need any further information on this.
Daniel De Jesus
May 20, 2025, 12:46:51 PM5/20/25
to Md. Nazmur Sakib, Wazuh | Mailing List
Thank you Nazmur. Much appreciated! I will keep a lookout for updates from OpenSearch.
Kind regards
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/PnEAUz4rJoE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/0fb1ddb2-e49c-4deb-9d82-5cce547c5905n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages