Add CVE-2022-0639/node-url-parse

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-18 07:16:08 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-18 07:16:08 +0100
commit: 71f17240735217654f329b188da72fbe89346c42 (patch)
tree: c925e4c974f67b6bfbbd718af0cd2c1e93e37888
parent: 14cf83c86a3f9a07a2831103ad0680f2ecc82059 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 04f8ae854a..5d024579f0 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -219,7 +219,9 @@ CVE-2022-0641
 CVE-2022-0640
 	RESERVED
 CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
-	TODO: check
+	- node-url-parse 1.5.7-1
+	NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
+	NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
 CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
 	TODO: check
 CVE-2022-0637
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-18 07:16:08 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-18 07:16:08 +0100
commit	71f17240735217654f329b188da72fbe89346c42 (patch)
tree	c925e4c974f67b6bfbbd718af0cd2c1e93e37888
parent	14cf83c86a3f9a07a2831103ad0680f2ecc82059 (diff)