Add CVE-2022-0639/node-url-parse

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-18 07:16:08 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-18 07:16:08 +0100
commit: f1b0eba47f9e8db704fd6cab43a47a0da10799a2 (patch)
tree: 0d5d0ecca1ee5ba22a231326fcbb96427f38b696
parent: 0e46f6fa62e0ce65ff5b80cc8344640d3ca2e61b (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 04f8ae854a..5d024579f0 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -219,7 +219,9 @@ CVE-2022-0641
 CVE-2022-0640
 	RESERVED
 CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
-	TODO: check
+	- node-url-parse 1.5.7-1
+	NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
+	NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
 CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
 	TODO: check
 CVE-2022-0637
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-18 07:16:08 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-18 07:16:08 +0100
commit	f1b0eba47f9e8db704fd6cab43a47a0da10799a2 (patch)
tree	0d5d0ecca1ee5ba22a231326fcbb96427f38b696
parent	0e46f6fa62e0ce65ff5b80cc8344640d3ca2e61b (diff)