Add CVE-2022-0686/node-url-parse

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-20 21:18:09 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-20 21:18:09 +0100
commit: a2948fa3fefe47f6aed71123d0cca8047fd7e9b1 (patch)
tree: 7d1622f123e134902369d81636170f54c04b64cd
parent: 9187b4eec1d76767478eea6ad66f57b244c44b4f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 4ada6fee51..1f7e2fb1ad 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -25,7 +25,9 @@ CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to
 CVE-2022-0687
 	RESERVED
 CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
-	TODO: check
+	- node-url-parse <unfixed>
+	NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
+	NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
 CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	TODO: check
 CVE-2022-0684
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-20 21:18:09 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-20 21:18:09 +0100
commit	a2948fa3fefe47f6aed71123d0cca8047fd7e9b1 (patch)
tree	7d1622f123e134902369d81636170f54c04b64cd
parent	9187b4eec1d76767478eea6ad66f57b244c44b4f (diff)