[Git][security-tracker-team/security-tracker][master] Try to clarify scope for CVE-2021-44906
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 21 05:28:34 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd8893a3 by Salvatore Bonaccorso at 2022-03-21T06:27:03+01:00
Try to clarify scope for CVE-2021-44906
There was an attempt to fix the prototype pollution issue, but it turned out to
be insufficient. CVE-2021-44906 is for this issue, which still persists
up to (and including) the 1.2.5 version.
The project itself seems stalled and got a fork.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19774,7 +19774,8 @@ CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via fil
- node-minimist <unfixed>
NOTE: https://github.com/substack/minimist/issues/164
NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- NOTE: The fix for prototype pollution in setKey() CVE-2021-44906 is insufficient.
+ NOTE: The initial fix for prototype pollution (cf. SNYK-JS-MINIMIST-559764) in setKey()
+ NOTE: was insufficient.
CVE-2021-44905
RESERVED
CVE-2021-44904
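Review bot: the two added NOTE lines identify the earlier, insufficient setKey() fix only by its Snyk ID (SNYK-JS-MINIMIST-559764), which the NOTE line directly above already links. If that earlier fix is tracked under its own CVE entry in data/CVE/list, cross-reference that entry here so a reader can tell the original issue and CVE-2021-44906 apart without leaving the tracker. The commit message also says upstream looks stalled and has been forked, but the entry still carries only "- node-minimist <unfixed>" with no NOTE recording that; a short NOTE stating the upstream status and pointing to the fork would help whoever triages the unfixed package later.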
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd8893a3526da106bb95d054630a4336177cf77a