Vulnerability in node.exe in Adobe Photoshop 2021 directory

New Here ,
May 06, 2021 May 06, 2021

Copy link to clipboard

Copied

Hi, our Microsoft Advanced protection system detects that there is an active exploit in node.exe in photoshop 2021.

It is a particularly out of date version of  8.11.1 and has active exploits.

Do we know when this will be patched out?

 

Thanks

TOPICS
Installation

Views

672

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct Answer

New Here , May 17, 2021 May 17, 2021
We are experiencing the same. node.exe version 8.11.1 is listed as End of Support with 11 vulnerabilities.Node.js website specifies version 16 as the latest stable version.This needs to be updated by Adobe asap. C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Likes

Translate

Translate
LEGEND ,
May 06, 2021 May 06, 2021

Copy link to clipboard

Copied

Have you told Microsoft so they can fix this false positive? You seem to be jumping ahead from a report to a definite.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 17, 2021 May 17, 2021

Copy link to clipboard

Copied

We are experiencing the same. node.exe version 8.11.1 is listed as End of Support with 11 vulnerabilities.

Node.js website specifies version 16 as the latest stable version.

This needs to be updated by Adobe asap.

 

C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

I don't know if it is a false positive.  I saw on the forum previous instances of the nodejs being out of date and been vulnerable.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

Being out of date, and being vulnerable are not the same thing at all. You need to read the specific details of the vulnerability to see if it is applicable. For example, node.js might be used only to show pages from Adobe's signin page. The vulnerability might exist if serving pages from a site hosting malware. No vulnerability. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

See attached for listed vulnerabilites

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

I'm not going to read all that, I was suggesting that you do the research. But to come back to your original question do we know WHETHER this will be patched (and when)? No, we do not. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 27, 2021 May 27, 2021

Copy link to clipboard

Copied

Jumping to the conclusion that this is a false positive i find to be somewhat cavilier M8, expecialy in this current year

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 27, 2021 May 27, 2021

Copy link to clipboard

Copied

LATEST

Then perhaps you'd better report it to Adobe. Posting here you just get the opinions, informed or nonsense, of other Adobe customers.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 27, 2021 May 27, 2021

Copy link to clipboard

Copied

We have the same question. In reading past posts regarding Node.exe, It would be helpfull of Adobe was more proactive about fixing vunerabilities in third products bundled with their product.

 

Version of Photoshop is current, 22.4.1

Version of NodeJS is 8.11.1.0 which A) is an EOS version and B) with exploits avalible

 

C:\Program Files\Adobe\Adobe Photoshop 2021\node.exe

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines