Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36137
The vulnerability affects the permission model, which was introduced[1] in v20 - the recipe version isn't vulerable yet. [1]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885 Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb index 11e9717c6a..2a7324a203 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb @@ -49,7 +49,7 @@ S = "${WORKDIR}/node-v${PV}" CVE_PRODUCT = "nodejs node.js" # the vulnerabilities were introduced in v20 -CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587" +CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587 CVE-2024-36137" # the vulnerability was introduced later (with libuv 1.45) CVE_CHECK_IGNORE += "CVE-2024-22017"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123102): https://lists.openembedded.org/g/openembedded-devel/message/123102 Mute This Topic: https://lists.openembedded.org/mt/117053588/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
