The Node.js Foundation revealed a denial-of-service and an out-of-bounds access issue and said the fixes will come next week
Node.js is facing two security vulnerabilities, including a
potentially major denial-of-service issue, with patches for the problems
not available for a week. Releases of Node.js ranging from 0.12 to
version 5 are vulnerable to one or both issues.
A bulletin issued today by the Node.js Foundation, which has jurisdiction over the popular server-side JavaScript platform,
covers "a high-impact denial-of-service vulnerability" and a
"low-impact V8 out-of-bounds access vulnerability." V8 is the
Google-developed JavaScript engine leveraged by Node.js. Officially, the
DoS issue is labeled as CVE (Common Vulnerabilities and Exposures)
2015-8027, while the access problem is identified as CVE-2015-6764.
