This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). NOTE: use of the CVE List to report that a product is unsupported, without reference to a specific defect, is novel and the CVE Program is actively assessing both the validity and potential value of this approach.
Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
Reliance on components that are no longer maintained can make it difficult or impossible to fix significant bugs, vulnerabilities, or quality issues. In effect, unmaintained code can become obsolete. This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.