diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-02 12:28:58 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-08 22:03:03 +0100 |
| commit | ab83c61385854a2d333ed25c238c736bb596ce96 (patch) | |
| tree | 7a64aec4596967c103977d7cd09d2224ad77609b | |
| parent | f9ed3b8197d024b291fb100205fcfd371275f0db (diff) | |
| download | meta-openembedded-ab83c61385854a2d333ed25c238c736bb596ce96.tar.gz | |
nodejs: ignore CVE-2024-22017
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22017
The vulnerability is related to the io_uring usage of libuv.
Libuv first introduced io_uring support in v1.45[1].
oe-core ships a non-vulnerable version (1.44.2), and nodejs
vendors also an older version (1.43).
Mark this CVE as ignored for this recipe version.
[1]: https://github.com/libuv/libuv/commit/d2c31f429b87b476a7f1344d145dad4752a406d4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| -rw-r--r-- | meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb index 2feec12f21..9c279d1463 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb | |||
| @@ -50,6 +50,9 @@ CVE_PRODUCT = "nodejs node.js" | |||
| 50 | # the vulnerabilities were introduced in v20 | 50 | # the vulnerabilities were introduced in v20 |
| 51 | CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587" | 51 | CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587" |
| 52 | 52 | ||
| 53 | # the vulnerability was introduced later (with libuv 1.45) | ||
| 54 | CVE_CHECK_IGNORE += "CVE-2024-22017" | ||
| 55 | |||
| 53 | # v8 errors out if you have set CCACHE | 56 | # v8 errors out if you have set CCACHE |
| 54 | CCACHE = "" | 57 | CCACHE = "" |
| 55 | 58 | ||
