Node.js - v18.20.2
Security
This is a security release.
Notable Changes
- CVE-2024-27980 - Command injection via args parameter of
child_process.spawn
without shell option enabled on Windows
Commits
- [
6627222409
] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564
Security
Details
date
April 10, 2024, 4:34 p.m.
name
2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Node.js releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!