diff mbox series

[meta-oe,kirkstone,4/5] nodejs: ignore CVE-2024-36137

Message ID 20260103084835.2022951-4-skandigraun@gmail.com
State New
Headers show
Series [meta-webserver,kirkstone,1/5] phpmyadmin: ignore CVE-2020-22452 | expand

Commit Message

Gyorgy Sarvari Jan. 3, 2026, 8:48 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36137

The vulnerability affects the permission model, which was introduced[1]
in v20 - the recipe version isn't vulerable yet.

[1]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
index 11e9717c6a..2a7324a203 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
@@ -49,7 +49,7 @@  S = "${WORKDIR}/node-v${PV}"
 CVE_PRODUCT = "nodejs node.js"
 
 # the vulnerabilities were introduced in v20
-CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587"
+CVE_CHECK_IGNORE = "CVE-2023-30583 CVE-2023-30584 CVE-2023-30587 CVE-2024-36137"
 
 # the vulnerability was introduced later (with libuv 1.45)
 CVE_CHECK_IGNORE += "CVE-2024-22017"