Good morning/afternoon. There are 3 high V8 CVEs that have been recently fixed. I'd like to know if they will be backported to V8 versions 10.2.154.x (used by Node 18.20.4) and 11.3.244.x (Used by Node 20.16.0)
See - https://github.com/nodejs/node/blob/v18.20.4/deps/v8/include/v8-version.h - https://github.com/nodejs/node/blob/v20.16.0/deps/v8/include/v8-version.h The CVEs are: *https://nvd.nist.gov/vuln/detail/CVE-2024-4761. (Score 8.8)* - Out of bounds write. - Fixed in version 12.6.213 <https://github.com/v8/v8/releases/tag/12.6.213> - Fixed by this commit <https://github.com/v8/v8/commit/f320600cd1f48ba6bb57c0395823fe0c5e5ec52e> *https://nvd.nist.gov/vuln/detail/CVE-2024-4947* - Type Confusion. - Fixed in version 12.0.267.27 <https://github.com/v8/v8/releases/tag/12.0.267.27> - Fixed by this commit <https://github.com/v8/v8/commit/2944ee9846e> *https://nvd.nist.gov/vuln/detail/CVE-2024-5274* - Type Confusion. - Fixed in version 12.4.254.20 <https://github.com/v8/v8/releases/tag/12.4.254.20> - Fixed by this commit <https://github.com/v8/v8/commit/6e5e1053fa6> These are high CVEs identified by CISA as being KEV. -- -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev --- You received this message because you are subscribed to the Google Groups "v8-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/d3606836-d8ae-492a-9550-59ae01f53951n%40googlegroups.com.
