[Secure-testing-commits] r39982 - data/CVE

Paul Wise pabs at moszumanska.debian.org
Sat Feb 27 10:16:28 UTC 2016


Author: pabs
Date: 2016-02-27 10:16:27 +0000 (Sat, 27 Feb 2016)
New Revision: 39982

Modified:
   data/CVE/list
Log:
mustache.js content injection

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-27 10:12:37 UTC (rev 39981)
+++ data/CVE/list	2016-02-27 10:16:27 UTC (rev 39982)
@@ -544,6 +544,11 @@
 	NOT-FOR-US: SAP
 CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
 	NOT-FOR-US: SAP
+CVE-2015-XXXX [quoteless attributes in templates can lead to content injection]
+	- mustache.js <unfixed>
+	NOTE: fixed in 2.2.1
+	NOTE: https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
+	NOTE: https://nodesecurity.io/advisories/62
 CVE-2015-XXXX [SQL injection due to unescaped object keys]
 	- node-mysql 2.0.0~alpha8-1
 	NOTE: https://github.com/felixge/node-mysql/issues/342
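Review bot: In the new mustache.js entry, `NOTE: fixed in 2.2.1` sits directly under `- mustache.js <unfixed>` without saying whose version that is, so the two lines read as contradictory at a glance. Suggest `NOTE: fixed upstream in 2.2.1`, which makes it clear that the package line tracks the state of the archive and the note tracks the upstream release. The `<unfixed>` line also carries no bug reference; adding one once a bug is filed would tie the entry to the upload that brings in 2.2.1.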



