CVE-2020-1604 information

Skip to first unread message

Daniel Bevenius

Apr 30, 2021, 8:28:03 AM4/30/21
to nodejs-sec

Based on internal discussions, we believe that Node.js is not affected by CVE-2020-16040. This assessment assumes that the code passed to the Node.js runtime is trusted and secure. That is always an assumption of the Node.js security model.

Irrespective of Node.js not being affected, we will consider pulling in the patch from V8 as part of the regular ongoing release process.

Reply all
Reply to author
0 new messages