[Git][security-tracker-team/security-tracker][master] CVE-2022-0436/grunt unfixed #1009676)

Neil Williams (@codehelp) codehelp at debian.org
Thu Apr 14 09:29:35 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75ad79e0 by Neil Williams at 2022-04-14T09:29:10+01:00
CVE-2022-0436/grunt unfixed #1009676)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13671,7 +13671,10 @@ CVE-2022-24283
 CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
 	NOT-FOR-US: Node karma
 CVE-2022-0436 (Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. ...)
-	TODO: check
+	- grunt <unfixed> (bug #1009676)
+	NOTE: https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 (v1.5.0)
+	NOTE: https://github.com/gruntjs/grunt/pull/1740
+	NOTE: https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
 CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
 	- mariadb-10.6 1:10.6.7-1
 	- mariadb-10.5 <removed>
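Review bot: The first added NOTE tags the upstream fix commit as (v1.5.0), but the CVE-2022-0436 description line directly above says the issue affects grunt "prior to 1.5.2", so the two version boundaries in this entry disagree. If the v1.5.0 commit is only part of the fix and the pull request in the second NOTE completes it, say so in the NOTE lines and record which upstream release carries the complete fix, so that whoever later replaces `<unfixed>` with a fixed version does not close the entry against a release that is still affected. The commit subject also carries a closing parenthesis with no opening one ("#1009676)").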



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75ad79e005f7db655cfbea98464b6686783b26d3
