mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-15 03:43:53 +02:00
6cd5a2c57f
Thursday February 16 2023 Security Releases Notable Changes The following CVEs are fixed in this release: * CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) * CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) * CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) * CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) * CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post. Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
13 lines
513 B
Diff
13 lines
513 B
Diff
--- a/lib/internal/modules/cjs/loader.js
|
|
+++ b/lib/internal/modules/cjs/loader.js
|
|
@@ -1326,7 +1326,8 @@ Module._initPaths = function() {
|
|
path.resolve(process.execPath, '..') :
|
|
path.resolve(process.execPath, '..', '..');
|
|
|
|
- const paths = [path.resolve(prefixDir, 'lib', 'node')];
|
|
+ const paths = [path.resolve(prefixDir, 'lib', 'node'),
|
|
+ path.resolve(prefixDir, 'lib', 'node_modules')];
|
|
|
|
if (homeDir) {
|
|
ArrayPrototypeUnshift(paths, path.resolve(homeDir, '.node_libraries'));
|