diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-21 06:27:03 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-21 06:27:03 +0100 |
commit | fd8893a3526da106bb95d054630a4336177cf77a (patch) | |
tree | 15bb562b95b4962c84fb2944fe8b5b35973aa4f1 /data | |
parent | c411205560b1035b224568124b1fa7f635646bd9 (diff) |
Try to clarify scope for CVE-2021-44906
Thee was an attempt to fix the prototype pollution issue but resultet to
be insufficient. The CVE-2021-44906 is for this issue that still persist
up to (and including) the 1.2.5 version.
The project itself seems stalled and got a fork.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 2c9e1333d4..c3c1690743 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -19774,7 +19774,8 @@ CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via fil - node-minimist <unfixed> NOTE: https://github.com/substack/minimist/issues/164 NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - NOTE: The fix for prototype pollution in setKey() CVE-2021-44906 is insufficient. + NOTE: The initial fix for prototype pollution (cf. SNYK-JS-MINIMIST-559764) in setKey() + NOTE: was insufficient. CVE-2021-44905 RESERVED CVE-2021-44904 |