Comparing changes
Open a pull request
- 8 commits
- 31 files changed
- 2 contributors
Commits on Jun 20, 2024
Commits on Jul 3, 2024
-
lib,permission: disable fchmod/fchown when pm enabled
PR-URL: nodejs-private/node-private#584 Refs: https://hackerone.com/reports/2472071 CVE-ID: CVE-2024-36137
-
lib,permission: support fs.lstat
PR-URL: nodejs-private/node-private#486 Backport-PR-URL: nodejs-private/node-private#604 CVE-ID: CVE-2024-22018
-
src,permission: resolve path on fs_permission
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: #52761 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
-
src: handle permissive extension on cmd check
PR-URL: nodejs-private/node-private#596 Backport-PR-URL: nodejs-private/node-private#605 CVE-ID: CVE-2024-36138
-
lib,esm: handle bypass network-import via data:
PR-URL: nodejs-private/node-private#522 CVE-ID: CVE-2024-22020
-
src,permission: fix UNC path resolution
PR-URL: nodejs-private/node-private#581 CVE-ID: CVE-2024-37372
-
2024-07-08, Version 20.15.1 'Iron' (LTS)
This is a security release. Notable changes: * CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) * CVE-2024-22020 - Bypass network import restriction via data URL (Medium) * CVE-2024-22018 - fs.lstat bypasses permission model (Low) * CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low) * CVE-2024-37372 - Permission model improperly processes UNC paths (Low) PR-URL: nodejs-private/node-private#608
This comparison is taking too long to generate.
Unfortunately it looks like we canβt render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 0bf200b...a407d1f