Description
Describe the bug
Wiz is detecting issues with the Node version included with the externals deployment, a newer version is required. The same output and remediation instructions are provided for CVE-2025-23083.
File //externals/node20/bin/node version 20.18.0 is vulnerable to CVE-2025-23090, which exists in versions >= 19, < 20.18.2.
The vulnerability was found in the VulnCheck NVD++ Database based on the CPE cpe:2.3:a:nodejs:node.js and the reporting CNA has assigned it severity: High.
The file is associated with the technology Node.js.
The vulnerability can be remediated by updating Node.js to 20.18.2 or higher.
To Reproduce
Check externals version to see if <20.18.2
Expected behavior
An update is required for the included Node version.
Runner Version and Platform
2.322.0 on Linux
OS of the machine running the runner? OSX/Windows/Linux/...
Ubuntu 24.04
What's not working?
Wiz security scan detecting vulnerable Node.js version.