Read Time:35 Second
FEDORA-2023-7b52921cae
Packages in this update:
nodejs20-20.8.1-1.fc39
Update description:
2023-10-13, Version 20.8.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
CVE-2023-44487: nghttp2 Security Release (High)
CVE-2023-45143: undici Security Release (High)
CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
CVE-2023-39331: Permission model improperly protects against path traversal (High)
CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.