d57b35fa83
Thursday February 16 2023 Security Releases Notable Changes The following CVEs are fixed in this release: * CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) * CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post. Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
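--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
@@ -1231,7 +1231,8 @@ Module._initPaths = function() {
 path.resolve(process.execPath, '..') :
 path.resolve(process.execPath, '..', '..');
 
- let paths = [path.resolve(prefixDir, 'lib', 'node')];
+ let paths = [path.resolve(prefixDir, 'lib', 'node'),
+ path.resolve(prefixDir, 'lib', 'node_modules')];
 
 if (homeDir) {
 ArrayPrototypeUnshift(paths, path.resolve(homeDir, '.node_libraries'));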
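Review bot: The second entry added to `paths` in `Module._initPaths`, `path.resolve(prefixDir, 'lib', 'node_modules')`, carries no comment marking it as a downstream addition or saying why it is needed, so it is easy to lose or misread on the next rebase. Because `prefixDir` is derived from `process.execPath` in the context lines, this directory becomes part of the global fallback search list, and its ownership and write permissions then matter for every Node process that resolves a module through that list. I would add a comment above the array, e.g. `// Downstream: also search <prefix>/lib/node_modules (global install dir); must be writable by root only.`, and have the packaging verify those permissions. The function body starts and ends outside the hunk, so how `paths` is extended afterwards (beyond the visible `homeDir` branch) cannot be checked from here.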