[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-3721/node-lodash

Fri Feb 16 06:26:01 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e68559a by Salvatore Bonaccorso at 2018-02-16T07:25:37+01:00
Add CVE-2018-3721/node-lodash

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8752,8 +8752,12 @@ CVE-2018-3723
 	RESERVED
 CVE-2018-3722
 	RESERVED
-CVE-2018-3721
+CVE-2018-3721 [Prototype pollution in utilities function]
 	RESERVED
+	- node-lodash <unfixed> (unimportant)
+	NOTE: https://snyk.io/vuln/npm:lodash:20180130
+	NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
+	NOTE: nodejs not covered by security support
 CVE-2018-3720
 	RESERVED
 CVE-2018-3719



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e68559aa8e8d2fb713e5ca5fcda30bb9a6f8b4e

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e68559aa8e8d2fb713e5ca5fcda30bb9a6f8b4e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180216/96c37dd4/attachment.html>
