[Git][security-tracker-team/security-tracker][master] Need the permission model

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
604ca6bb by Bastien Roucariès at 2026-04-26T21:42:28+02:00
Need the permission model

Feature introduced in 20 see https://nodejs.org/en/blog/announcements/v20-release-announce
Documentation of the flag: https://nodejs.org/api/cli.html#--experimental-permission (Added in v20.0.0)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18171,6 +18171,8 @@ CVE-2026-21717 (A flaw in V8's string hashing mechanism causes integer-like stri
 CVE-2026-21716 (An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and ` ...)
 	{DSA-6183-1}
 	- nodejs 22.22.2+dfsg+~cs22.19.15-1
+	[bookworm] - nodejs <not-affected> (Feature was introduced in nodeJS 20)
+	[bullseye] - nodejs <not-affected> (Feature was introduced in nodeJS 20)
 	NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#cve-2024-36137-patch-bypass---filehandlechmodchown-cve-2026-21716---low
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/012330956669e06864a674917de352d2d69ff51c (v20.20.2)
 CVE-2026-21715 (A flaw in Node.js Permission Model filesystem enforcement leaves `fs.r ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/604ca6bb4ade34071ff75358c0dca449d05a66d2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/604ca6bb4ade34071ff75358c0dca449d05a66d2
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260426/6d4917a4/attachment.htm>