author | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:57:31 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:57:31 +0100 |
commit | 93c92485769ad2a266b0284d38616fcf75efd9d3 (patch) | |
tree | b9c66efa9e72890910fc154cf61fba9849cf8df2 | |
parent | d40d2c27171744d371cea2b05e71807145ebc487 (diff) |
Update tracking for CVE-2018-16472/node-cached-path-relative
This old CVE entry was tracked as NFU, but is actually in
node-cached-path-relative and fixed in 1.0.2 upstream. Update tracking.
Versions having fixed CVE-2018-16472 are then prone to CVE-2021-23518.
-rw-r--r-- | data/CVE/list.2018 | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index ea034eadde..0fa67bdeac 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -13060,7 +13060,10 @@ CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an att ...) NOT-FOR-US: takeapeek CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0 ...) - NOT-FOR-US: cached-path-relative + - node-cached-path-relative 1.0.2-1 + NOTE: https://hackerone.com/reports/390847 + NOTE: https://github.com/ashaffer/cached-path-relative/issues/3 + NOTE: Fixed by: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0 CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...) {DLA-1585-1} - ruby-rack 1.6.4-6 (bug #913005) |
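Review bot: The new CVE-2018-16472 entry is missing a cross-reference to CVE-2021-23518. The commit message states that versions having fixed CVE-2018-16472 are then prone to CVE-2021-23518, but none of the three added NOTE lines records this, so the link is visible only in the git log and not to someone reading data/CVE/list.2018. Since the entry now marks node-cached-path-relative 1.0.2-1 as fixed, consider adding a line such as `NOTE: Versions with this fix are prone to CVE-2021-23518` after the `NOTE: Fixed by:` line, so the fixed-version marker is not read in isolation.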