helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

nodejs: ignore CVE-2024-22017

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22017

The vulnerability is related to the io_uring usage of libuv.

Libuv first introduced io_uring support in v1.45[1].
oe-core ships a non-vulnerable version (1.44.2), and nodejs
vendors also an older version (1.43).

Mark this CVE as ignored for this recipe version.

[1]: d2c31f429b

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-01-02 12:28:58 +01:00
parent f9ed3b8197
commit ab83c61385
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
View File

@ -50,6 +50,9 @@ CVE_PRODUCT = "nodejs node.js"
# the vulnerabilities were introduced in v20
CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587"
# the vulnerability was introduced later (with libuv 1.45)
CVE_CHECK_IGNORE += "CVE-2024-22017"
# v8 errors out if you have set CCACHE
CCACHE = ""