mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

nodejs: ignore CVE-2024-36137

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36137

The vulnerability affects the permission model, which was introduced[1]
in v20 - the recipe version isn't vulerable yet.

[1]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-03 09:48:34 +01:00
parent e88e353f30
commit 3dc63bce4d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
+1 -1
View File
@@ -49,7 +49,7 @@ S = "${WORKDIR}/node-v${PV}"
CVE_PRODUCT = "nodejs node.js"
# the vulnerabilities were introduced in v20
CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587"
CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587 CVE-2024-36137"
# the vulnerability was introduced later (with libuv 1.45)
CVE_CHECK_IGNORE += "CVE-2024-22017"