Add CVE-2021-23518 for node-cached-path-relative

author: Neil Williams <codehelp@debian.org> 2022-01-25 12:16:30 +0000
committer: Neil Williams <codehelp@debian.org> 2022-01-25 12:16:42 +0000
commit: 50e69bc597ff76834a0bfc0372db0a7940e60b63 (patch)
tree: 4357c4a1ae076d8ebac8bdad409a7600d4f2e062
parent: 06653c27de0799a46f5a627f8c2e2370db8071b5 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f2a4c42255..c24693646b 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -56400,7 +56400,9 @@ CVE-2021-23520
 CVE-2021-23519
 	RESERVED
 CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
-	TODO: check
+	- node-cached-path-relative <unfixed> (bug #1004338)
+	NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
+	NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
 CVE-2021-23517
 	RESERVED
 CVE-2021-23516
author	Neil Williams <codehelp@debian.org>	2022-01-25 12:16:30 +0000
committer	Neil Williams <codehelp@debian.org>	2022-01-25 12:16:42 +0000
commit	50e69bc597ff76834a0bfc0372db0a7940e60b63 (patch)
tree	4357c4a1ae076d8ebac8bdad409a7600d4f2e062
parent	06653c27de0799a46f5a627f8c2e2370db8071b5 (diff)