diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2024-04-26 15:48:53 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-04-26 15:48:53 +0200 |
commit | 75fa9b4a4328066ab1e8e1296ca9cfecfaeb6a69 (patch) | |
tree | 574b68c64b2390e68af17f45d004708a186cc4ff | |
parent | c8288b81c0c844da8311d789e6ad352a7ab35130 (diff) |
Add two new issues in python-jose
-rw-r--r-- | data/CVE/list | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index cabf0ee119..d7473bb994 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -44,9 +44,12 @@ CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with custo CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key that is ...) TODO: check CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of servic ...) - TODO: check + - python-jose <unfixed> + NOTE: https://github.com/mpdavis/python-jose/issues/344 + NOTE: https://github.com/mpdavis/python-jose/pull/345 CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...) - TODO: check + - python-jose <unfixed> + NOTE: https://github.com/mpdavis/python-jose/issues/346 CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is not index. ...) NOT-FOR-US: Portainer CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gi ...) |