diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:52:23 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-25 21:52:23 +0100 |
| commit | d40d2c27171744d371cea2b05e71807145ebc487 (patch) | |
| tree | fdb7918d68bf7e7ecf18b82c6c92e13509127fbf | |
| parent | 9d712adaf71fe2bc8ad12345954054f7d03791aa (diff) | |
Update information on CVE-2021-23450/dojo
| -rw-r--r-- | data/CVE/list.2021 | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 67a1b74c3d..46aba1388d 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -56567,10 +56567,9 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto CVE-2021-23451 RESERVED CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) - - dojo 1.15.4+dfsg1-1 - [stretch] - dojo <not-affected> (Vulnerable code introduced later) - NOTE: https://github.com/dojo/dojo/commit/4c39c14349408fc8274e19b399ffc660512ed07c + - dojo <unfixed> NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 + NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...) NOT-FOR-US: vm2 JS NOTE: https://github.com/patriksimek/vm2 |