12bbce3e6c
The following CVEs are fixed in this release: - CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) - CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High) - CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High) - CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium) - CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium) - CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) - CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium) - CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) - CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) - CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) https://github.com/nodejs/node/releases/tag/v20.3.1 |
||
|---|---|---|
| .. | ||
| bypass-darwin-xcrun-node16.patch | ||
| bypass-xcodebuild.diff | ||
| disable-darwin-v8-system-instrumentation-node19.patch | ||
| disable-darwin-v8-system-instrumentation.patch | ||
| fix-npm-patch-paths.sh | ||
| node-npm-build-npm-package-logic-node16.patch | ||
| node-npm-build-npm-package-logic.patch | ||
| nodejs-release-keys.asc | ||
| nodejs.nix | ||
| npm-patches.nix | ||
| revert-arm64-pointer-auth.patch | ||
| setup-hook.sh | ||
| update-keyring | ||
| update.nix | ||
| v14.nix | ||
| v16.nix | ||
| v18.nix | ||
| v20.nix | ||