A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry. References: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2220753] Affects: fedora-all [bug 2220751] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220750] Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2220752] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220749] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220748]