Add CVE-2021-23518 for node-cached-path-relative

author: Neil Williams <codehelp@debian.org> 2022-01-25 12:16:30 +0000
committer: Neil Williams <codehelp@debian.org> 2022-01-25 12:16:42 +0000
commit: e144695cb9c2fd88d47bf27e30ffc1c05fc74ce8 (patch)
tree: 268ec880ec5763e432f830ab998fa256aeb4b438
parent: 02211a45378294f3a9db106cb7a30216de4af429 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index f2a4c42255..c24693646b 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -56400,7 +56400,9 @@ CVE-2021-23520
 CVE-2021-23519
 	RESERVED
 CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
-	TODO: check
+	- node-cached-path-relative <unfixed> (bug #1004338)
+	NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
+	NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
 CVE-2021-23517
 	RESERVED
 CVE-2021-23516
author	Neil Williams <codehelp@debian.org>	2022-01-25 12:16:30 +0000
committer	Neil Williams <codehelp@debian.org>	2022-01-25 12:16:42 +0000
commit	e144695cb9c2fd88d47bf27e30ffc1c05fc74ce8 (patch)
tree	268ec880ec5763e432f830ab998fa256aeb4b438
parent	02211a45378294f3a9db106cb7a30216de4af429 (diff)