Opened 5 weeks ago

Closed 5 weeks ago

#20957 closed enhancement (fixed)

node.js-22.13.1

Reported by: Bruce Dubbs
Owned by: zeckma
Priority: elevated
Milestone: 12.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by zeckma, 5 weeks ago

Owner: changed from blfs-book to zeckma
Status: new → assigned

comment:2 by zeckma, 5 weeks ago

Priority: normal → elevated

Notable Changes

  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

In total, 4 CVEs have been fixed, 3 are medium and 1 is high.

comment:3 by zeckma, 5 weeks ago

Fixed at 80bf33c4429786532f7f20edb1970fafa2edf336.

Keeping open for SA issuing.

comment:4 by zeckma, 5 weeks ago

CVE-2025-23084 seems to only affect Windows: https://www.tenable.com/cve/CVE-2025-23084.

comment:5 by zeckma, 5 weeks ago

Resolution: fixed
Status: assigned → closed

SA-12.2-068 issued.
