diff options
author | Neil Williams <codehelp@debian.org> | 2022-01-25 11:52:22 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2022-01-25 11:52:22 +0000 |
commit | 54c3fc92231e22d342cfb70ae4878475fdac7770 (patch) | |
tree | 31e1ed4279427cd029e624ae89e5f74a4e07f5c1 | |
parent | 97d0e5609be7fc4f10808b27911d2f07ef7fe75b (diff) |
Add CVE-2021-23450 as fixed in dojo
-rw-r--r-- | data/CVE/2021.list | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 9317095238..c0a7a68a3c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -56540,7 +56540,10 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto CVE-2021-23451 RESERVED CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) - TODO: check + - dojo 1.15.4+dfsg1-1 + [stretch] - dojo <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/dojo/dojo/commit/4c39c14349408fc8274e19b399ffc660512ed07c + NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...) NOT-FOR-US: vm2 JS NOTE: https://github.com/patriksimek/vm2 |