node.exe and node.js flagged as unsecure

Forum|Forum|10 years ago
August 5, 2015
6 replies
13262 views

The files node.exe and node.js are installed as part of the Photoshop CC suite as part of the Creative Cloud component.

The version of node.exe currently installed is 0.10.36.0. According to Secunia PSI, the file is located at:

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

Secunia PSI flags this version of node.exe as not secure and vulnerable to malware, and advises me to install version 0.10.40, which I believe is the latest available (and secure) version. My copy of Photoshop CC was recently updated to version 2015.0.1. I was hoping that the secure version of node.exe might have been included in the updated, but the old unsecure version is still there.

I don't want to manually update any module that's part of a larger installation, out of a concern that it could "break" something else. However, I currently have to set Secunia PSI to Ignore this program to avoid repeated warnings about it.

Are there any plans to update the Photoshop CC installation to incorporate the secure (0.10.40) version of node.exe?

--Larry

Creative Cloud

This topic has been closed for replies.

R

Rene77

New Participant

Like Douglas I would be happy if I could get rid of the node.js Server.

It's always using around 20% CPU on my notebook, so the fan is always running on a higher/louder level. Even if I don't use any Adobe app. It's pretty annoying.

If I kill it in task manager it will start up again soon after. Even if the Creative Cloud App is not running.

What is it used for?

mtpugh

New Participant

I am showing an installed version of 4.4.3 and getting a message that it is insecure.

Douglas_Dirks

Inspiring

I have this issue as well (Node.js version 4.3.0.0 installed by CC is flagged as insecure by Secunia).

Two (sets of) questions:

Has anyone tried updating this copy of node.js independently of the CC update? If so, how did you do the update and did it cause any issues with CC?
What processes associated with CC use node.js? It appears to be Photoshop related; if I don't have Photoshop CC, could I just remove the node.exe? If node.js is only used for a CC product I don't have installed, why is it installed along with CC?

Thanks for any insights . . .

Han_Balk

New Participant

Node.Js version 4.3.0.0 that came with the latest CC released was released early February. You should use the latest release or let us update node.js separately to avoid vulnerabilities.

Maybe Adobe should have a word with the guys at Secunia....

larryc43230Author

Known Participant

My Creative Cloud applications were updated this morning, and I see that node.js has been updated to version 0.10.40.0. I and Secunia PSI are happy campers.

Thank you!

--Larry

larryc43230Author

Known Participant

With the most recent update of the Creative Cloud component, Secunia PSI is once again glowing red and indicating that the installed version of node.js is out-of-date, unsecure, and vulnerable to malware. The version just installed was 4.3.0.0; the secure version is 4.4.2 or later.

Please notify your programmers of this, and ask them to make sure they keep up with the newest and safest versions of the components they use!

I'm looking forward to making Secunia PSI happy and my PC safe again.

--Larry