diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-25 21:19:13 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-25 21:19:13 +0100 |
| commit | 1df74df1646cf2e359badb95ef9c758bfdbf7e2a (patch) | |
| tree | 2f3a19f0705fd1e282e053e542276b9d14defced | |
| parent | d83d965473370cbfc5f556fa41960502388b2d22 (diff) | |
Add tracking for CVE-2021-44223/wordpress
| -rw-r--r-- | data/CVE/list.2021 | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 90e6cc03c4..537f79c08b 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,7 +1,13 @@ CVE-2021-44224 RESERVED CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) - TODO: check + - wordpress 5.8.1+dfsg1-1 + [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation + NOTE: options documented in: + NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/ + NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ CVE-2021-44222 RESERVED CVE-2021-44221 |