You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
src,loader,permission: throw on InternalWorker use
Previously this PR it was expected that InternalWorker
usage doesn't require the --allow-worker when the permission
model is enabled. This, however, exposes a vulnerability
whenever the instance gets accessed by the user. For example
through diagnostics_channel.subscribe('worker_threads')
PR-URL: nodejs-private/node-private#651
Refs: nodejs-private/node-private#629
CVE-ID: CVE-2025-23083
0 commit comments