mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
nodejs: ignore CVE-2024-36137
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36137 The vulnerability affects the permission model, which was introduced[1] in v20 - the recipe version isn't vulerable yet. [1]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -49,7 +49,7 @@ S = "${WORKDIR}/node-v${PV}"
|
|||||||
CVE_PRODUCT = "nodejs node.js"
|
CVE_PRODUCT = "nodejs node.js"
|
||||||
|
|
||||||
# the vulnerabilities were introduced in v20
|
# the vulnerabilities were introduced in v20
|
||||||
CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587"
|
CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587 CVE-2024-36137"
|
||||||
|
|
||||||
# the vulnerability was introduced later (with libuv 1.45)
|
# the vulnerability was introduced later (with libuv 1.45)
|
||||||
CVE_CHECK_IGNORE += "CVE-2024-22017"
|
CVE_CHECK_IGNORE += "CVE-2024-22017"
|
||||||
|
|||||||
Reference in New Issue
Block a user