mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

nodejs: ignore CVE-2024-22017

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22017

The vulnerability is related to the io_uring usage of libuv.

Libuv first introduced io_uring support in v1.45[1].
oe-core ships a non-vulnerable version (1.44.2), and nodejs
vendors also an older version (1.43).

Mark this CVE as ignored for this recipe version.

[1]: https://github.com/libuv/libuv/commit/d2c31f429b87b476a7f1344d145dad4752a406d4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-02 12:28:58 +01:00
parent f9ed3b8197
commit ab83c61385
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
+3
View File
@@ -50,6 +50,9 @@ CVE_PRODUCT = "nodejs node.js"
# the vulnerabilities were introduced in v20
CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587"
# the vulnerability was introduced later (with libuv 1.45)
CVE_CHECK_IGNORE += "CVE-2024-22017"
# v8 errors out if you have set CCACHE
CCACHE = ""