Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/lang/node
History
Hirokazu MORIKAWA 286d1d11ae node: June 20 2023 Security Releases 
Update to v18.16.1

The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
    * OpenSSL security advisory 28th March.
    * OpenSSL security advisory 20th April.
    * OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
    * GHSA-9g78-jv2r-p7vc
    * GHSA-8r8p-23f3-64c2
    * GHSA-54xr-f67r-4pc4
    * GHSA-x6mf-cxr9-8q6v

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2023-06-21 11:27:48 +09:00
..
patches node: June 20 2023 Security Releases 2023-06-21 11:27:48 +09:00
Makefile node: June 20 2023 Security Releases 2023-06-21 11:27:48 +09:00