nodejs: ignore CVE-2023-30583, CVE-2023-30584 and CVE-2023-30587 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-02 12:28:56 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-08 22:03:03 +0100
commit	04f577d527d9d7beb6fcde973f5e61704bfe1ba8 (patch)
tree	04ec9aef6b103910e3fabf807566dfb85a165e19 /meta-python
parent	96083488242ba0948f64664897c56c900b16b397 (diff)
download	meta-openembedded-04f577d527d9d7beb6fcde973f5e61704bfe1ba8.tar.gz

nodejs: ignore CVE-2023-30583, CVE-2023-30584 and CVE-2023-30587

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 None of these vulnerabilities are present in the recipe version. CVE-2023-30583: While the main feature (blob) was intruced in v16, the vulnerable code (load blobs from file) was introduced in v20[1], and as such, the vulnerability is not present in the recipe version. CVE-2023-30584, CVE-2023-30587: The whole vulnerable feature (permission model) was introduced[2] in v20. Ignore these CVE IDs. [1]: https://github.com/nodejs/node/commit/950cec4c2642c15e2913f35babadda56c1d8a723 [2]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: