author | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:57:31 +0100
---|---|---
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:57:31 +0100
commit | 047481d80bb9af1099efe071d3a31efd5d3864f6 |
tree | 013f93272008427e43a28c318c8b15a500286bd7 |
parent | 09aba0a3783cc2534918346e477fe0ed09587353 |
Update tracking for CVE-2018-16472/node-cached-path-relative
This old CVE entry was tracked as NFU, but is actually in
node-cached-path-relative and fixed in 1.0.2 upstream. Update tracking.
Versions having fixed CVE-2018-16472 are then prone to CVE-2021-23518.
-rw-r--r-- | data/CVE/2018.list | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index ea034eadde..0fa67bdeac 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -13060,7 +13060,10 @@ CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an att ...) NOT-FOR-US: takeapeek CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0 ...) - NOT-FOR-US: cached-path-relative + - node-cached-path-relative 1.0.2-1 + NOTE: https://hackerone.com/reports/390847 + NOTE: https://github.com/ashaffer/cached-path-relative/issues/3 + NOTE: Fixed by: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0 CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...) {DLA-1585-1} - ruby-rack 1.6.4-6 (bug #913005) |
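Review bot: In the new CVE-2018-16472 entry, the NOTE lines added under `- node-cached-path-relative 1.0.2-1` do not mention CVE-2021-23518, although the commit message states that versions carrying this fix are then prone to it. Consider adding a line such as `NOTE: Versions fixed for CVE-2018-16472 are prone to CVE-2021-23518` so that someone reading only data/CVE/2018.list does not treat 1.0.2-1 as the final state for this prototype pollution issue. The three existing NOTE lines (HackerOne report, upstream issue, fixing commit) are otherwise sufficient to trace the fix.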