Vulnerability Report: Node.js Package on-headers < 1.1.0 in Node-RED

Hello,

Component: Node.js
Package: on-headers
Affected Version: 1.0.2
Used In: Node-RED 4.0.9

Impact:

  • Exposure of Sensitive Information
  • Manipulation of Data

Description:
The on-headers package (version 1.0.2) used in Node-RED version 4.0.9 is known to have security vulnerabilities that could lead to data exposure or unintended data manipulation.

References:

Hi,

Node-RED 4.1.0 was released this week that includes updates for this.

For future reference, please follow the project’s security policy for reporting anything security related (GitHub - node-red/node-red: Low-code programming for event-driven applications) rather than publishing to a public forum.
