diff options
author | Neil Williams <codehelp@debian.org> | 2022-01-25 11:52:22 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2022-01-25 11:52:22 +0000 |
commit | 46e43cc2ede070cf1d0bdefdf1df982378b52d46 (patch) | |
tree | f027bf8a57da7aa145148c0495b2f8c5eb4853eb | |
parent | 8861a1e6d4b781e0a40582001244cce29b53b0e6 (diff) |
Add CVE-2021-23450 as fixed in dojo
-rw-r--r-- | data/CVE/list.2021 | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 9317095238..c0a7a68a3c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -56540,7 +56540,10 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto CVE-2021-23451 RESERVED CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) - TODO: check + - dojo 1.15.4+dfsg1-1 + [stretch] - dojo <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/dojo/dojo/commit/4c39c14349408fc8274e19b399ffc660512ed07c + NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...) NOT-FOR-US: vm2 JS NOTE: https://github.com/patriksimek/vm2 |