author: Salvatore Bonaccorso <carnil@debian.org> 2020-09-16 07:07:36 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-09-16 07:07:36 +0200
commit: 8b7183f32a33513f1901dd2573065f54f2fcc2f6 (patch)
tree: 13e7708770b5e93cb105ff49c223673577935445 /data
parent: 590155531d32293c7b17131facd63791a8c95b06 (diff)
Track new nodejs issues from September security release
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2020.list 12
1 files changed, 9 insertions, 3 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index ec125a6241..6fb622a397 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -38389,10 +38389,14 @@ CVE-2020-8254
RESERVED
CVE-2020-8253
RESERVED
-CVE-2020-8252
+CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
RESERVED
-CVE-2020-8251
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
+CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
RESERVED
+ - nodejs <not-affected> (Only affects 14.x series)
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
CVE-2020-8250
RESERVED
CVE-2020-8249
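Review bot: at the CVE-2020-8251 entry, "- nodejs <not-affected> (Only affects 14.x series)" gives a reason that presumably holds only while no 14.x nodejs is packaged, so consider making that condition explicit or adding a NOTE with the first affected upstream version, so the entry is revisited when a 14.x upload happens. For CVE-2020-8252, the bracketed description "fs.realpath.native on may cause buffer overflow" matches the wording in the advisory link but reads as if a word is missing after "on", and the "<unfixed>" line carries no NOTE on affected release lines or the upstream fix, so per-suite triage depends on following the link.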
@@ -38510,8 +38514,10 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash &
NOTE: https://hackerone.com/reports/712065
CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
NOT-FOR-US: Nextcloud Preferred Providers app
-CVE-2020-8201
+CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion]
RESERVED
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
CVE-2020-8200
RESERVED
CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
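Review bot: the new "- nodejs <unfixed>" line for CVE-2020-8201 records neither the affected release lines nor an upstream fix reference, unlike the CVE-2020-8251 entry in the same commit, which notes "Only affects 14.x series". A second NOTE with the affected series or the fixing commit, once identified, would let readers judge exposure without opening the advisory.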
