[Git][security-tracker-team/security-tracker][master] CVE-2022-25349/materialize undetermined
Neil Williams (@codehelp)
codehelp at debian.org
Tue May 3 13:33:00 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b265087e by Neil Williams at 2022-05-03T13:32:27+01:00
CVE-2022-25349/materialize undetermined
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11630,7 +11630,12 @@ CVE-2022-25351
CVE-2022-25350
RESERVED
CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-site S ...)
- TODO: check
+ - materialize <undetermined>
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
+ NOTE: https://github.com/materializecss/materialize/blob/main/js/autocomplete.js#L310
+ NOTE: https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js#L285
+ TODO: check if affected, CVE reported against the upstream fork
CVE-2022-25346
RESERVED
CVE-2022-25345
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b265087eed4c016286e740d69f2fb83e2e332121
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b265087eed4c016286e740d69f2fb83e2e332121
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220503/09558968/attachment.htm>
More information about the debian-security-tracker-commits
mailing list