Description
Describe the bug
Wiz is detecting issues with the Node version included with the externals deployment, a newer version is required.
File /home/runner/_work/_update/externals/node20/bin/node version 20.19.1 is vulnerable to CVE-2025-23166, which exists in versions >= 20.0, <= 20.19.1.
The vulnerability was found in the VulnCheck NVD++ Database based on the CPE cpe:2.3:a:nodejs:node.js and the reporting CNA has assigned it severity: High.
The file is associated with the technology Node.js.
The vulnerability can be remediated by updating Node.js to 20.19.2 or higher.
To Reproduce
Install latest actions runner version and check included node version.
Expected behavior
An update is required for the included Node version.
Runner Version and Platform
v2.324.0
OS of the machine running the runner?
Ubuntu 22.04