From 973afc28dcd0a16fad97f929e6fbe9de842951b7 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 21 Feb 2022 21:26:35 +0100
Subject: Add CVE-2022-0691/node-url-parse

---
 data/CVE/2022.list | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 9340ecc4c9..09aaf6c9be 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -551,7 +551,9 @@ CVE-2022-0693
 CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
 	NOT-FOR-US: alltube
 CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
-	TODO: check
+	- node-url-parse 1.5.9+~1.4.8-1
+	NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
+	NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
 CVE-2022-25369
 	RESERVED
 CVE-2022-25368
-- 
cgit v1.2.3