CVE-2020-1604 information

305 views
Skip to first unread message

Daniel Bevenius

unread,
Apr 30, 2021, 8:28:03 AMApr 30
to nodejs-sec

Based on internal discussions, we believe that Node.js is not affected by CVE-2020-16040. This assessment assumes that the code passed to the Node.js runtime is trusted and secure. That is always an assumption of the Node.js security model.

Irrespective of Node.js not being affected, we will consider pulling in the patch from V8 as part of the regular ongoing release process.

Reply all
Reply to author
Forward
0 new messages