[Git][security-tracker-team/security-tracker][master] CVE-2021-43138/node-async not-affected

Neil Williams (@codehelp) codehelp at debian.org
Wed Apr 13 11:06:57 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71c5c5ed by Neil Williams at 2022-04-13T11:06:26+01:00
CVE-2021-43138/node-async not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32374,7 +32374,10 @@ CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Sub
 CVE-2021-43139
 	RESERVED
 CVE-2021-43138 (A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which ...)
-	TODO: check
+	- node-async <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d (3.2.2)
+	NOTE: https://github.com/caolan/async/pull/1828
+	NOTE: https://jsfiddle.net/oz5twjd9/
 CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...)
 	NOT-FOR-US: hostel management system
 CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attac ...)
@@ -40449,7 +40452,7 @@ CVE-2021-40376 (otris Update Manager 1.2.1.0 allows local users to achieve SYSTE
 CVE-2021-40375 (Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the  ...)
 	NOT-FOR-US: Apperta Foundation OpenEyes
 CVE-2021-40374 (A stored cross-site scripting (XSS) vulnerability was identified in Ap ...)
-	TODO: check
+	NOT-FOR-US: Apperta Foundation OpenEyes
 CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...)
 	NOT-FOR-US: playSMS
 CVE-2021-40372



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71c5c5ed74e8ef3665620ae25703356adfc22aad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71c5c5ed74e8ef3665620ae25703356adfc22aad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220413/9ccf7afd/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list