libuv CVE-2024-24806 in Node 20.15 #189
Comments
RafaelGSS
changed the title
|
@nodejs/libuv does it affect Node.js? |
|
We included fixes for CVE-2024-24806 in https://nodejs.org/en/blog/vulnerability/february-2024-security-releases |
|
@richardlau the version appears to be the same. Was this patch backported to Node v20.15.0? The post claims it was fixed on Node 20.x |
|
Yes, by nodejs/node#51737 in Node.js 20.11.1. |
|
Wow! That's great news. Thank you @richardlau I'll bookmark the release and search up CVEs in the future |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is a critical vulnerbility that was not fixed in the last NodeJS minor version fix. It is coming up on vulnerability scans and creating problems.
https://nvd.nist.gov/vuln/detail/CVE-2024-24806
https://github.com/nodejs/node/blob/v20.15.0/deps/uv/ChangeLog#L1
The text was updated successfully, but these errors were encountered: