[Git][security-tracker-team/security-tracker][master] CVE-2022-1379/plantuml not-affected, vulnerable code introduced in 1.2020.11

Wed May 18 11:18:47 BST 2022


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83619281 by Neil Williams at 2022-05-18T11:18:14+01:00
CVE-2022-1379/plantuml not-affected, vulnerable code introduced in 1.2020.11

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4809,7 +4809,10 @@ CVE-2022-29267
 CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...)
-	TODO: check
+	- plantuml <not-affected> (Vulnerable code introduced later)
+	NOTE: https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a
+	NOTE: https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083 (v1.2022.5)
+	NOTE: Introduced in https://github.com/plantuml/plantuml/commit/3192fa218c2ad0420d03de70f57f8521e1de315d (v1.2020.11)
 CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...)
 	NOT-FOR-US: Apache APISIX
 CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/836192817653bc698e0fd1f1e607a36c28d17f85

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/836192817653bc698e0fd1f1e607a36c28d17f85
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220518/6c76ec08/attachment.htm>
