[Git][security-tracker-team/security-tracker][master] Add CVE-2021-23567 colors.js <not-affected>
Neil Williams (@codehelp)
codehelp at debian.org
Tue Jan 25 14:30:27 GMT 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc6addbf by Neil Williams at 2022-01-25T14:29:39+00:00
Add CVE-2021-23567 colors.js <not-affected>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66506,7 +66506,9 @@ CVE-2021-23569
CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
NOT-FOR-US: extend2 (fork of node-extend which is not affected)
CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...)
- TODO: check
+ - colors.js <not-affected> (Vulnerable code never in a released Debian version)
+ NOTE: https://github.com/Marak/colors.js/issues/285
+ NOTE: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information Exposur ...)
NOT-FOR-US: Node nanoid (NaN0-1D)
CVE-2021-23565
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc6addbfd0539f0f405cf7961eb3e78d12ad05c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc6addbfd0539f0f405cf7961eb3e78d12ad05c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220125/e5925c57/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list