From ca870c041b96ec84c43e14cfdea5c83519447ea6 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 31 Oct 2021 09:05:38 +0100
Subject: Add CVE-2021-42740/node-shell-quote

---
 data/CVE/2021.list | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 4b2052cd36..ddf4f55734 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -752,7 +752,8 @@ CVE-2021-42742
 CVE-2021-42741
 	RESERVED
 CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
-	TODO: check
+	- node-shell-quote <unfixed>
+	NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
 CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
 	- linux <unfixed>
 	NOTE: https://seclists.org/oss-sec/2021/q2/46
-- 
cgit v1.2.3