Add CVE-2022-23647/node-prismjs

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-21 09:11:16 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-21 09:11:45 +0100
commit: 4d17e6c7078bcea5837aeb493732126749811ae5 (patch)
tree: e26d20a5ca8edf372f4466982ed1b3dc02818c0c
parent: 6f20b6cc0654feff9a2d8d7d94a729baf0134bc5 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index cf044f172b..a0084db984 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -5217,7 +5217,10 @@ CVE-2022-23649 (Cosign provides container signing, verification, and storage in
 CVE-2022-23648
 	RESERVED
 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
-	TODO: check
+	- node-prismjs <unfixed>
+	NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99
+	NOTE: https://github.com/PrismJS/prism/pull/3341
+	NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0)
 CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
 	TODO: check
 CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-21 09:11:16 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-21 09:11:45 +0100
commit	4d17e6c7078bcea5837aeb493732126749811ae5 (patch)
tree	e26d20a5ca8edf372f4466982ed1b3dc02818c0c
parent	6f20b6cc0654feff9a2d8d7d94a729baf0134bc5 (diff)