From 7ffa9c55b0c105d839adfb4e3ee54914c3ac7022 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 21 Feb 2022 09:11:16 +0100
Subject: Add CVE-2022-23647/node-prismjs

---
 data/CVE/list.2022 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index cf044f172b..a0084db984 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -5217,7 +5217,10 @@ CVE-2022-23649 (Cosign provides container signing, verification, and storage in
 CVE-2022-23648
 	RESERVED
 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
-	TODO: check
+	- node-prismjs <unfixed>
+	NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99
+	NOTE: https://github.com/PrismJS/prism/pull/3341
+	NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0)
 CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
 	TODO: check
 CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
-- 
cgit v1.2.3