diff options
| author | Mario Rodas <marsam@users.noreply.github.com> | 2023-06-21 04:20:00 +0000 |
|---|---|---|
| committer | Mario Rodas <marsam@users.noreply.github.com> | 2023-06-21 04:20:00 +0000 |
| commit | 12bbce3e6c2b298892768d5fb99696b8bbf73ce2 (patch) | |
| tree | 15ea0b36076a6dc6e73623bf179b14bc3c3ddadf /pkgs/development/python-modules/rangehttpserver | |
| parent | 75f22e0d83812b4b95e9a83e9fe7025df8c39d98 (diff) | |
nodejs_20: 20.3.0 -> 20.3.1
The following CVEs are fixed in this release:
- CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
- CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
- CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
- CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
- CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
- CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
https://github.com/nodejs/node/releases/tag/v20.3.1
Diffstat (limited to 'pkgs/development/python-modules/rangehttpserver')
0 files changed, 0 insertions, 0 deletions