From 81855f0a14c1d26d84ec6f87e92775238e67de09 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 25 Jan 2025 08:43:43 +0000
Subject: [PATCH] Adding Advisory CVE-2025-23087 for nodejs-16 (#11375)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 nodejs-16.advisories.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/nodejs-16.advisories.yaml b/nodejs-16.advisories.yaml
index 3ccf76c20d..3e9f580e27 100644
--- a/nodejs-16.advisories.yaml
+++ b/nodejs-16.advisories.yaml
@@ -280,6 +280,24 @@ advisories:
 data:
 note: 'Nodejs-16 is no longer receiving support, latest version release of 16.x branch was in August of 2023: https://nodejs.org/download/release/v16.20.2/ and LTS ended in September of 2023: https://endoflife.date/nodejs To remediate this CVE upgrade node to 22.x version stream (latest) in order to receive longest support that also incorporates these fixes.'
+ - id: CGA-m768-pw3x-jrm6
+ aliases:
+ - CVE-2025-23087
+ - GHSA-7xh3-2pj7-gxgm
+ events:
+ - timestamp: 2025-01-25T08:14:04Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: nodejs-16
+ componentID: af69b284636f1561
+ componentName: nodejs-16
+ componentVersion: 16.20.2-r9
+ componentType: apk
+ componentLocation: /.PKGINFO
+ scanner: grype
+
 - id: CGA-mhrf-mm82-69mm
 aliases:
 - CVE-2023-32004
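Review bot: The new `CGA-m768-pw3x-jrm6` entry stops at a single `detection` event, so the advisory records that grype matched CVE-2025-23087 against `nodejs-16` 16.20.2-r9 through `/.PKGINFO` but carries no triage outcome. The entry just above it in this hunk has a `note` explaining that the 16.x branch is end-of-life and that the remediation is an upgrade. If the same reasoning applies here (not confirmable from the hunk), a follow-up event such as `fix-not-planned` with an equivalent `note` would stop downstream scanner consumers from treating this as an open item awaiting a patch. Until such an event is added, the entry is best read as detected-but-unreviewed, since the match comes from package metadata rather than from an analysis of the affected code.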