Skip to content

2024-07-08, Version 20.15.1 'Iron' (LTS), @RafaelGSS

Compare
Choose a tag to compare
@RafaelGSS RafaelGSS released this 08 Jul 18:27
· 4367 commits to main since this release
v20.15.1

This is a security release.

Notable Changes

  • CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
  • CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
  • CVE-2024-22018 - fs.lstat bypasses permission model (Low)
  • CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
  • CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

Commits