Add CVE-2023-37360/pacparser

author: Salvatore Bonaccorso <carnil@debian.org> 2023-07-02 09:23:19 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-07-02 09:23:19 +0200
commit: c07d7c5416bfeb006ef19656e5d1e72d25e12ed4 (patch)
tree: 5a7a68405ee2a0fc069fbc21b9f2d447e570de31
parent: 513b6bcc9a56772031d36a5f6d100f8ff44d812c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 3e348227fc..de36d38aa7 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -118,7 +118,8 @@ CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argumen
 	- hnswlib <unfixed>
 	NOTE: https://github.com/nmslib/hnswlib/issues/467
 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
-	TODO: check
+	- pacparser <unfixed>
+	NOTE: https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
 CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in  ...)
 	NOT-FOR-US: MISP
 CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2023-07-02 09:23:19 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-07-02 09:23:19 +0200
commit	c07d7c5416bfeb006ef19656e5d1e72d25e12ed4 (patch)
tree	5a7a68405ee2a0fc069fbc21b9f2d447e570de31
parent	513b6bcc9a56772031d36a5f6d100f8ff44d812c (diff)