[Git][security-tracker-team/security-tracker][master] Add CVE-2021-23385/flask-security
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 2 21:42:45 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11ae4b76 by Salvatore Bonaccorso at 2022-08-02T22:42:09+02:00
Add CVE-2021-23385/flask-security
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106797,7 +106797,8 @@ CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open R
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
NOT-FOR-US: Node dns-packet
CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...)
- TODO: check
+ - flask-security <unfixed>
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
NOT-FOR-US: Node koa-remove-trailing-slashes before
CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11ae4b7676e53058e29d4b746778c9086c001a81
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11ae4b7676e53058e29d4b746778c9086c001a81
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220802/4ea22b4a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list