diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:52:23 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:52:23 +0100 |
| commit | 09aba0a3783cc2534918346e477fe0ed09587353 (patch) | |
| tree | e895a555d3f74724c6d910a3bf86f2a5f0707506 | |
| parent | eef4525801a510234f77cb0b914c9670088b9c26 (diff) | |
Update information on CVE-2021-23450/dojo
| -rw-r--r-- | data/CVE/2021.list | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 67a1b74c3d..46aba1388d 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -56567,10 +56567,9 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto CVE-2021-23451 RESERVED CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) - - dojo 1.15.4+dfsg1-1 - [stretch] - dojo <not-affected> (Vulnerable code introduced later) - NOTE: https://github.com/dojo/dojo/commit/4c39c14349408fc8274e19b399ffc660512ed07c + - dojo <unfixed> NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 + NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...) NOT-FOR-US: vm2 JS NOTE: https://github.com/patriksimek/vm2 |