[Git][security-tracker-team/security-tracker][master] Add CVE-2020-8116/node-dot-prop

Wed Feb 5 20:56:09 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
306763be by Salvatore Bonaccorso at 2020-02-05T21:55:48+01:00
Add CVE-2020-8116/node-dot-prop

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1096,7 +1096,10 @@ CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server
 CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...)
-	TODO: check
+	- node-dot-prop 5.2.0-1
+	[buster] - node-dot-prop <no-dsa> (Minor issue)
+	NOTE: https://hackerone.com/reports/719856
+	NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2
 CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/306763be4fe68f19a884f7603750ab7eec5669e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/306763be4fe68f19a884f7603750ab7eec5669e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200205/0a229698/attachment.html>
