From e144695cb9c2fd88d47bf27e30ffc1c05fc74ce8 Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Tue, 25 Jan 2022 12:16:30 +0000
Subject: Add CVE-2021-23518 for node-cached-path-relative

---
 data/CVE/list.2021 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index f2a4c42255..c24693646b 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -56400,7 +56400,9 @@ CVE-2021-23520
 CVE-2021-23519
 	RESERVED
 CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
-	TODO: check
+	- node-cached-path-relative <unfixed> (bug #1004338)
+	NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
+	NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
 CVE-2021-23517
 	RESERVED
 CVE-2021-23516
-- 
cgit v1.2.3