nodejs: fix CVE-2022-25883 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Polampalli, Archana <archana.polampalli@windriver.com>	2023-08-31 04:57:43 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-09-04 11:59:59 -0400
commit	d3ee870fb0acbda1c27aa58311547733cccb1df2 (patch)
tree	361549c4a346a05c7a0ddec7592f111dc74663b7 /meta-python/recipes-devtools/python/python3-sqlparse
parent	71d9cabed74b29741babe26a657adf6ecedb3bf4 (diff)
download	meta-openembedded-d3ee870fb0acbda1c27aa58311547733cccb1df2.tar.gz

nodejs: fix CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. References: https://nvd.nist.gov/vuln/detail/CVE-2022-25883 Upstream patches: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: