Vulnerability in node.exe in Adobe Photoshop 2021 directory

Community Beginner ,
May 06, 2021 May 06, 2021

Copy link to clipboard

Copied

Hi, our Microsoft Advanced protection system detects that there is an active exploit in node.exe in photoshop 2021.

It is a particularly out of date version of  8.11.1 and has active exploits.

Do we know when this will be patched out?

 

Thanks

TOPICS
Installation

Views

2.5K

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 2 Correct answers

New Here , May 17, 2021 May 17, 2021
We are experiencing the same. node.exe version 8.11.1 is listed as End of Support with 11 vulnerabilities.Node.js website specifies version 16 as the latest stable version.This needs to be updated by Adobe asap. C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Likes

Translate

Translate
Community Beginner , Jun 21, 2021 Jun 21, 2021
HI I went on support with the Adobe Engineer.  He said that the node.exe in photoshop was indeed out of date.  He will have it updated on the next photoshop update. He did suggest copying the node file from C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\ and pasting it into photoshop and replacing it (backing up the old node file first). This is something you do at your own risk, I will wait for the next update. 

Likes

Translate

Translate
LEGEND ,
May 06, 2021 May 06, 2021

Copy link to clipboard

Copied

Have you told Microsoft so they can fix this false positive? You seem to be jumping ahead from a report to a definite.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 17, 2021 May 17, 2021

Copy link to clipboard

Copied

We are experiencing the same. node.exe version 8.11.1 is listed as End of Support with 11 vulnerabilities.

Node.js website specifies version 16 as the latest stable version.

This needs to be updated by Adobe asap.

 

C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

I don't know if it is a false positive.  I saw on the forum previous instances of the nodejs being out of date and been vulnerable.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

Being out of date, and being vulnerable are not the same thing at all. You need to read the specific details of the vulnerability to see if it is applicable. For example, node.js might be used only to show pages from Adobe's signin page. The vulnerability might exist if serving pages from a site hosting malware. No vulnerability. 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

See attached for listed vulnerabilites

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

I'm not going to read all that, I was suggesting that you do the research. But to come back to your original question do we know WHETHER this will be patched (and when)? No, we do not. 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 27, 2021 May 27, 2021

Copy link to clipboard

Copied

Jumping to the conclusion that this is a false positive i find to be somewhat cavilier M8, expecialy in this current year

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 27, 2021 May 27, 2021

Copy link to clipboard

Copied

Then perhaps you'd better report it to Adobe. Posting here you just get the opinions, informed or nonsense, of other Adobe customers.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 21, 2021 Jul 21, 2021

Copy link to clipboard

Copied

Did you actualy read the above? He did report it. Im more commenting on your 'conclusion' that this is a false positive. Looking at your post history, all i see from you is toxic replies to genuine questions.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 27, 2021 May 27, 2021

Copy link to clipboard

Copied

We have the same question. In reading past posts regarding Node.exe, It would be helpfull of Adobe was more proactive about fixing vunerabilities in third products bundled with their product.

 

Version of Photoshop is current, 22.4.1

Version of NodeJS is 8.11.1.0 which A) is an EOS version and B) with exploits avalible

 

C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 21, 2021 Jun 21, 2021

Copy link to clipboard

Copied

HI

 

I went on support with the Adobe Engineer.  He said that the node.exe in photoshop was indeed out of date.  He will have it updated on the next photoshop update.

 

He did suggest copying the node file from C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\ and pasting it into photoshop and replacing it (backing up the old node file first).

 

This is something you do at your own risk, I will wait for the next update.

 

🙂

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 24, 2021 Jul 24, 2021

Copy link to clipboard

Copied

LATEST

Another one I found, in dream weaver

Adobe\Adobe Dreamweaver 2021\node\node.exe

the version of node is listed as 6.17.1

defaultdzaaj989ge9d_0-1627195100350.png

this is quite out of date

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines