K000161266: Node.js vulnerability CVE-2025-23166

Security Advisory Description The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism...

AZL-61919 CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

Race Condition

Overview terra-notebook-utils is an Utilities for the Terra notebook environment. Affected versions of this package are vulnerable to Race Condition in task submission due to improper thread synchronization. The issue could lead to crashes or inconsistent task states when tasks are submitted from...