SAP Knowledge Base Article - Preview

3425159 - Security auditing reports Node.js vulnerabilities after Friday October 13 2023 release - SAP PD


  • Security audit reports many vulnerabilities:
     - undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (Low) - (CVE-2023-45143)
     - nghttp2 - HTTP/2 Rapid Reset (High) - (CVE-2023-44487)
     - Permission model improperly protects against path traversal (High) - (CVE-2023-39331)
     - Path traversal through path stored in Uint8Array (High) - (CVE-2023-39332)
     - Integrity checks according to policies can be circumvented (Medium) - (CVE-2023-38552)
     - Code injection via WebAssembly export names (Low) - (CVE-2023-39333)
    See Friday October 13 2023 Security Releases

  • How to to apply the Node.js 18.18.2 version to the PD server to protect the vulnerability of the server.



  • SAP PowerDesigner (PD) Web 16.7 SP07
  • Node.js 18.x < 18.18.2


SAP PowerDesigner 16.7


nodejs, CVE-2023-45143, CVE-2023-44487, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 , KBA , BC-SYB-PD , PowerDesigner , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.