[Git][security-tracker-team/security-tracker][master] CVE-2024-22020/nodejs
Bastien Roucariès (@rouca)
rouca at debian.org
Fri Sep 13 21:11:10 BST 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c4e3029 by Bastien Roucariès at 2024-09-13T20:10:24+00:00
CVE-2024-22020/nodejs
Add commit and bug report
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16401,6 +16401,8 @@ CVE-2024-36137 (A vulnerability has been identified in Node.js, affecting users
CVE-2024-22020 (A security flaw in Node.js allows a bypass of network import restrict ...)
- nodejs 20.15.1+dfsg-1
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium
+ NOTE: https://hackerone.com/reports/2092749
+ NOTE: Fixed by https://github.com/nodejs/node/pull/53764/commits/15c2d8d75ed8a431cb782d8af2a78a96e8f91f66
CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...)
NOT-FOR-US: /n software IPWorks SSH library SFTPServer component
CVE-2024-6564 (Buffer overflow in "rcar_dev_init" due to using due to using untruste ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c4e3029a6cdbc9bb97499e213932f4ef1b3b4d2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c4e3029a6cdbc9bb97499e213932f4ef1b3b4d2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240913/4062849b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list