Node.js experimental features

Using OpenCVE, I am finding several vulnerabilities in Node.js:
“experimental policy mechanism”: (CVE-2023-32002, CVE-2023-32559)
“experimental permission model”: (CVE-2024-21896, CVE-2024-21891)
(CVE-2023-30587, CVE-2023-30584, CVE-2023-30583, CVE-2023-30582)

EPIC Firmware 4.0.1, Node.js 20.12.2: Are these experimental Node.js features enabled on the EPIC System?

As I understand them, those features are only enabled if you choose to enable them when you launch node processes in the first place. E.g. you have to run node --experimental-permission /path/to/my/application to enable them. We don’t do that anywhere.

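One way to confirm this on a Linux host you have shell access to, as an added example (not Opto 22's or the poster's code): the function below walks `/proc` and reports any `node` process that was started with an experimental flag, either on its command line or through the `NODE_OPTIONS` environment variable. `--experimental-policy` and `NODE_OPTIONS` are Node.js's own names and are not mentioned in the thread; the function name and output format are made up for this example.

```shell
# Added example: list running node processes that were started with the
# experimental permission-model or policy flags.
# Usage: node_experimental_flags [proc_root]   (proc_root defaults to /proc)
# Output: one line per hit, "<pid> TAB <argv|NODE_OPTIONS> TAB <flag>".
# The body runs in a subshell so its variables do not leak into the caller.
node_experimental_flags() (
  root="${1:-/proc}"
  for dir in "$root"/[0-9]*; do
    [ -r "$dir/cmdline" ] || continue
    pid="${dir##*/}"
    # cmdline and environ are NUL-separated; turn them into one item per line.
    exe="$(tr '\0' '\n' < "$dir/cmdline" | head -n 1)"
    case "${exe##*/}" in node|nodejs) ;; *) continue ;; esac

    # Flags passed directly on the command line. Any occurrence in argv is
    # reported, which errs on the side of flagging too much.
    tr '\0' '\n' < "$dir/cmdline" | while IFS= read -r word; do
      case "$word" in
        --experimental-permission|--experimental-policy|--experimental-policy=*)
          printf '%s\targv\t%s\n' "$pid" "${word%%=*}" ;;
      esac
    done

    # Flags injected through NODE_OPTIONS. environ is only readable for your
    # own processes unless you are root, so run this as root for full coverage.
    [ -r "$dir/environ" ] || continue
    opts="$(tr '\0' '\n' < "$dir/environ" | sed -n 's/^NODE_OPTIONS=//p')"
    for word in $opts; do
      case "$word" in
        --experimental-permission|--experimental-policy|--experimental-policy=*)
          printf '%s\tNODE_OPTIONS\t%s\n' "$pid" "${word%%=*}" ;;
      esac
    done
  done
)
```

Empty output means no running `node` process has either feature switched on; it says nothing about processes that are not running at the time of the check.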

Did a bit more digging just to be sure.


Thanks Jonathan for this great information,
The network I need to use has exceptional rules for approval. I am spending a lot of time researching all the software included with the EPIC PR2 system. I have been able to find answers for most of the issues found in the OpenCVE database. I have a lot more questions I am still working on. Does OPTO22 have pertinent data in this area? I notice that some others have references in CVE.org (for example, references for vendors like python, github, netapp, ubuntu, etc.).