Skip to content

fix(security): Patch Node.js async_hooks DoS vulnerability (CVE-2025-59466)#17082

Merged
pettinarip merged 2 commits into
masterfrom
patch-node
Jan 15, 2026
Merged

fix(security): Patch Node.js async_hooks DoS vulnerability (CVE-2025-59466)#17082
pettinarip merged 2 commits into
masterfrom
patch-node

Conversation

@wackerow
Copy link
Copy Markdown
Member

@wackerow wackerow commented Jan 14, 2026

Description

  • Updated .nvmrc to patched version
  • Bump to 22.22.0 to match Netlify

Summary

  • Bumps Node.js version to patch CVE-2025-59466 (CVSS 7.5)
  • Vulnerability allows DoS via stack overflow when async_hooks/AsyncLocalStorage is enabled
  • Affects all Next.js apps, React Server Components, and APM tools (Datadog, New Relic, OpenTelemetry)
  • Attack vector: deeply nested JSON payload crashes server without catchable error

Patched Versions

Current Patched
<20.20.0 20.20.0+
20.x 20.20.0
22.x 22.22.0
23.x 24.13.0 (no 23.x patch)
24.x 24.13.0

References

@wackerow
fix(security): bump Node.js for CVE-2025-59466
9b6fb2f 
Patches async_hooks stack overflow vulnerability that affects all apps using AsyncLocalStorage (React Server Components, Next.js, APM tools).

Patched versions:
- Node 20.20.0+
- Node 22.22.0+
- Node 24.13.0+
@wackerow
bump(dep): node version to match Netlify
4266b74
@netlify
Copy link
Copy Markdown

netlify Bot commented Jan 14, 2026
edited
Loading

Deploy Preview for ethereumorg ready!

Name Link
🔨 Latest commit 4266b74
🔍 Latest deploy log https://app.netlify.com/projects/ethereumorg/deploys/696829940b5d610008aeae50
😎 Deploy Preview https://deploy-preview-17082.ethereum.it
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 7 paths audited
Performance: 54 (🟢 up 2 from production)
Accessibility: 94 (no change from production)
Best Practices: 100 (🟢 up 1 from production)
SEO: 100 (no change from production)
PWA: 59 (no change from production)
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions github-actions Bot added the config ⚙️ Changes to configuration files label Jan 14, 2026
@pettinarip pettinarip merged commit bc45a51 into master Jan 15, 2026
11 checks passed
@pettinarip pettinarip deleted the patch-node branch January 15, 2026 09:24
@wackerow wackerow mentioned this pull request Jan 15, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pettinarip pettinarip pettinarip approved these changes

@corwintines corwintines Awaiting requested review from corwintines

@minimalsm minimalsm Awaiting requested review from minimalsm

Assignees

No one assigned

Labels

config ⚙️ Changes to configuration files

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wackerow @pettinarip