mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
Files
04f577d527d9d7beb6fcde973f5e61704bfe1ba8
meta-openembedded/meta-oe/recipes-devtools/nodejs
T
History
Gyorgy Sarvari 04f577d527 nodejs: ignore CVE-2023-30583, CVE-2023-30584 and CVE-2023-30587 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30583
https://nvd.nist.gov/vuln/detail/CVE-2023-30584
https://nvd.nist.gov/vuln/detail/CVE-2023-30587

None of these vulnerabilities are present in the recipe version.

CVE-2023-30583: While the main feature (blob) was intruced in v16, the vulnerable
code (load blobs from file) was introduced in v20[1], and as such,
the vulnerability is not present in the recipe version.

CVE-2023-30584, CVE-2023-30587: The whole vulnerable feature (permission model) was
introduced[2] in v20.

Ignore these CVE IDs.

[1]: https://github.com/nodejs/node/commit/950cec4c2642c15e2913f35babadda56c1d8a723
[2]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
..
nodejs
nodejs: fix CVE-2023-46809
2024-06-02 15:10:59 -04:00
nodejs-oe-cache-16.20
nodejs: upgrade 16.19.1 -> 16.20.1
2023-07-16 15:30:53 -04:00
nodejs_16.20.2.bb
nodejs: ignore CVE-2023-30583, CVE-2023-30584 and CVE-2023-30587
2026-01-08 22:03:03 +01:00
nodejs-oe-cache-native_16.20.bb
nodejs: upgrade 16.19.1 -> 16.20.1
2023-07-16 15:30:53 -04:00