Home About Downloads Docs Foundation Get Involved Security News by Rod Vagg, 2015-11-25 This announcement is for: CVE-2015-8027: a high-impact denial of service vulnerability CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability A bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service. The severity of this issue is high (see CVSS scoring below) and users of the affected versions should plan to upgrade when a fix is made available. Versions 0.10.x of Node.js are not affected . Versions 0.12.x of Node.js are vulnerable . Versions 4.x, including LTS Argon, of Node.js are vulnerable . Versions 5.x of Node.js are vulnerable . Full details of this vulnerability are embargoed until new releases are available on Wednesday the 2nd of December 2015, UTC (Tuesday the 1...