nodejs20/node-v20.3.1.tar.xz at bac0238f0cca924c0dc674837f5e002e4d3ac214303da70040e2df35dd638b06 - nodejs20 - openSUSE Gitea

adamm/nodejs20

SHA256

Adam Majer 86bbf8af98 - Update to version 20.3.1 (security fixes only). The following

CVEs are fixed in this release:
  * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass
    Experimental Policy Mechanism (High)
  * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in
    Experimental Permission Model (High)
  * (CVE-2023-30587, bsc#1212576): Bypass of Experimental
    Permission Model via Node.js Inspector (High)
  * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model
    Allows Unauthorized File Watching (Medium)
  * (CVE-2023-30583, bsc#1212578): Bypass of Experimental
    Permission Model via fs.openAsBlob() (Medium)
  * (CVE-2023-30585, bsc#1212579): Privilege escalation via
    Malicious Registry Key manipulation during Node.js
    installer repair process (Medium)
  * (CVE-2023-30586, bsc#1212580): Bypass of Experimental
    Permission Model via Arbitrary OpenSSL Engines (Medium)
  * (CVE-2023-30588, bsc#1212581): Process interuption due to invalid
    Public Key information in x509 certificates (Medium)
  * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via
    Empty headers separated by CR (Medium)
  * (CVE-2023-30590, bsc#1212583): DiffieHellman does not
    generate keys after setting a private key (Medium)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs20?expand=0&rev=22

2023-06-21 12:07:38 +00:00

4 lines

133 B

Plaintext

Raw Blame History

	`version https://git-lfs.github.com/spec/v1`
	`oid sha256:12a82db306697959b4389b351a5f97848986b1313f9901b0e0b3d8cf4f3f9991`
	`size 41712208`