Forum Thread: Node.js

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
jckinnick Node.js
Member 10th Nov, 2015 06:57
Ranking: 6
Posts: 195
User Since: 21st May, 2010
System Score: N/A
Location: US
PSI is showing this as needing an update I'm at 99%. What is this, I don't think I even have this installed on my computer.

Maurice Joyce RE: Node.js
Handling Contributor 10th Nov, 2015 09:04
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If PSI has found node.js on your PC then by default it will give you the path to exactly where it is installed and the version details.

There is plenty of information on nde.js on the web - this is an example https://en.m.wikipedia.org/wiki/Node.js

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
jckinnick RE: Node.js
Member 11th Nov, 2015 07:36
Score: 6
Posts: 195
User Since: 21st May 2010
System Score: N/A
Location: US
on 10th Nov, 2015 09:04, Maurice Joyce wrote:
If PSI has found node.js on your PC then by default it will give you the path to exactly where it is installed and the version details.

There is plenty of information on nde.js on the web - this is an example https://en.m.wikipedia.org/wiki/Node.js[/quote]

Its a part of Popcorn time apparently. I don't even have a chromecast, should I update this? PSI takes me to the node site and it wants to install it as a separate program.

C/Program Files86/Popcorn Time/chromecast/node.exe
Was this reply relevant?
+0
-0
Maurice Joyce RE: Node.js
Handling Contributor 12th Nov, 2015 00:34
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If you do not use Popcorn Time uninstall it and the problem is solved .
Installing node.js from their site will not clear the vulnerability because the file is embedded in Popcorn Time.
Have you got the latest version of Popcorn Time? - if not updating may clear the problem.

If the latest version is showing as vulnerable this could, I repeat, could be a false positive from Secunia. You need to email them with the path of the file they claim is vulnerable and ask them to check their database or you can contact Popcorn Time and tell them that Secunia have flagged their programme as insecure.

To contact Secunia send an email to info@secunia.com and copy it to support@secunia.com


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
jckinnick RE: Node.js
Member 12th Nov, 2015 03:15
Score: 6
Posts: 195
User Since: 21st May 2010
System Score: N/A
Location: US
on 12th Nov, 2015 00:34, Maurice Joyce wrote:
If you do not use Popcorn Time uninstall it and the problem is solved .
Installing node.js from their site will not clear the vulnerability because the file is embedded in Popcorn Time.
Have you got the latest version of Popcorn Time? - if not updating may clear the problem.

If the latest version is showing as vulnerable this could, I repeat, could be a false positive from Secunia. You need to email them with the path of the file they claim is vulnerable and ask them to check their database or you can contact Popcorn Time and tell them that Secunia have flagged their programme as insecure.

To contact Secunia send an email to info@secunia.com and copy it to support@secunia.com


Yeah, it's the latest version. It's actually a beta version.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Node.js
Handling Contributor 13th Nov, 2015 01:22
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 13th Nov, 2015 01:24
Even more interesting - Secunia do not track any programme in ALPHA or BETA so I can only assume it is an old file that has been found.

As an interim measure you can rename the (possible) vulnerable file from
C:\Program Files (x86)\Popcorn Time\Chromecast\node.exe
To
C:\Program Files (x86)\Popcorn Time\Chromecast\node.exe.old

By adding the .old extension at the end it will cripple that file. Any programme dependant on it will fail. It is easily reversed if you find it is a false positive.

Not sure I can help anymore - BETA programmes are subject to errors and as a BETA user/tester you should report your problem back to the developer.

I also doubt Secunia will be too interesting in your using/testing of a BETA programme but still worth trying to contact them to ask for a check of their database.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
jckinnick RE: Node.js
Member 13th Nov, 2015 06:20
Score: 6
Posts: 195
User Since: 21st May 2010
System Score: N/A
Location: US
on 13th Nov, 2015 01:22, Maurice Joyce wrote:
Even more interesting - Secunia do not track any programme in ALPHA or BETA so I can only assume it is an old file that has been found.

As an interim measure you can rename the (possible) vulnerable file from
C:\Program Files (x86)\Popcorn Time\Chromecast\node.exe
To
C:\Program Files (x86)\Popcorn Time\Chromecast\node.exe.old

By adding the .old extension at the end it will cripple that file. Any programme dependant on it will fail. It is easily reversed if you find it is a false positive.

Not sure I can help anymore - BETA programmes are subject to errors and as a BETA user/tester you should report your problem back to the developer.

I also doubt Secunia will be too interesting in your using/testing of a BETA programme but still worth trying to contact them to ask for a check of their database.



That seemed to do the trick, everything still seems to work fine too.
Was this reply relevant?
+0
-0

This thread has been marked as locked.