Vulnerability in node.exe in Adobe Photoshop 2021 directory

Report · May 06, 2021

Hi, our Microsoft Advanced protection system detects that there is an active exploit in node.exe in photoshop 2021.

It is a particularly out of date version of 8.11.1 and has active exploits.

Do we know when this will be patched out?

Thanks

Report · May 06, 2021

Have you told Microsoft so they can fix this false positive? You seem to be jumping ahead from a report to a definite.

Report · May 17, 2021

We are experiencing the same. node.exe version 8.11.1 is listed as End of Support with 11 vulnerabilities.

Node.js website specifies version 16 as the latest stable version.

This needs to be updated by Adobe asap.

C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Report · May 18, 2021

I don't know if it is a false positive. I saw on the forum previous instances of the nodejs being out of date and been vulnerable.

Report · May 18, 2021

Being out of date, and being vulnerable are not the same thing at all. You need to read the specific details of the vulnerability to see if it is applicable. For example, node.js might be used only to show pages from Adobe's signin page. The vulnerability might exist if serving pages from a site hosting malware. No vulnerability.

Report · May 18, 2021

See attached for listed vulnerabilites

Report · May 18, 2021

I'm not going to read all that, I was suggesting that you do the research. But to come back to your original question do we know WHETHER this will be patched (and when)? No, we do not.

Report · May 27, 2021

Jumping to the conclusion that this is a false positive i find to be somewhat cavilier M8, expecialy in this current year

Report · May 27, 2021

Then perhaps you'd better report it to Adobe. Posting here you just get the opinions, informed or nonsense, of other Adobe customers.

Report · Jul 21, 2021

Did you actualy read the above? He did report it. Im more commenting on your 'conclusion' that this is a false positive. Looking at your post history, all i see from you is toxic replies to genuine questions.

Report · May 27, 2021

We have the same question. In reading past posts regarding Node.exe, It would be helpfull of Adobe was more proactive about fixing vunerabilities in third products bundled with their product.

Version of Photoshop is current, 22.4.1

Version of NodeJS is 8.11.1.0 which A) is an EOS version and B) with exploits avalible

C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Report · Jun 21, 2021

HI

I went on support with the Adobe Engineer. He said that the node.exe in photoshop was indeed out of date. He will have it updated on the next photoshop update.

He did suggest copying the node file from C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\ and pasting it into photoshop and replacing it (backing up the old node file first).

This is something you do at your own risk, I will wait for the next update.

🙂

Report · Jul 24, 2021

Another one I found, in dream weaver

Adobe\Adobe Dreamweaver 2021\node\node.exe

the version of node is listed as 6.17.1

this is quite out of date

Adobe Community

Vulnerability in node.exe in Adobe Photoshop 2021 directory

2 Correct answers