summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-01-02 12:28:58 +0100
committerGyorgy Sarvari <skandigraun@gmail.com>2026-01-08 22:03:03 +0100
commitab83c61385854a2d333ed25c238c736bb596ce96 (patch)
tree7a64aec4596967c103977d7cd09d2224ad77609b
parentf9ed3b8197d024b291fb100205fcfd371275f0db (diff)
downloadmeta-openembedded-ab83c61385854a2d333ed25c238c736bb596ce96.tar.gz
nodejs: ignore CVE-2024-22017
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22017 The vulnerability is related to the io_uring usage of libuv. Libuv first introduced io_uring support in v1.45[1]. oe-core ships a non-vulnerable version (1.44.2), and nodejs vendors also an older version (1.43). Mark this CVE as ignored for this recipe version. [1]: https://github.com/libuv/libuv/commit/d2c31f429b87b476a7f1344d145dad4752a406d4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
-rw-r--r--meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
index 2feec12f21..9c279d1463 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
@@ -50,6 +50,9 @@ CVE_PRODUCT = "nodejs node.js"
50# the vulnerabilities were introduced in v20 50# the vulnerabilities were introduced in v20
51CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587" 51CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587"
52 52
53# the vulnerability was introduced later (with libuv 1.45)
54CVE_CHECK_IGNORE += "CVE-2024-22017"
55
53# v8 errors out if you have set CCACHE 56# v8 errors out if you have set CCACHE
54CCACHE = "" 57CCACHE = ""
55 58