[Git][security-tracker-team/security-tracker][master] CVE-2022-24434/node-superagent not-affected, vulnerable code in added test support
Neil Williams (@codehelp)
codehelp at debian.org
Mon May 23 10:29:47 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1cce431c by Neil Williams at 2022-05-23T10:29:10+01:00
CVE-2022-24434/node-superagent not-affected, vulnerable code in added test support
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15125,7 +15125,11 @@ CVE-2022-24438
CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to Command I ...)
NOT-FOR-US: Node git-pull-or-clone
CVE-2022-24434 (This affects all versions of package dicer. A malicious attacker can s ...)
- TODO: check
+ - node-superagent <not-affected> (Vulnerable code only exists in Debian autopkgtest support)
+ NOTE: https://github.com/mscdex/busboy/issues/250
+ NOTE: https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
+ NOTE: https://snyk.io/vuln/SNYK-JS-DICER-2311764
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
NOT-FOR-US: simple-git
CVE-2022-24431
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cce431c11a936cf7e965e89882c7f6a4af29e31
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cce431c11a936cf7e965e89882c7f6a4af29e31
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220523/c07b9713/attachment.htm>
More information about the debian-security-tracker-commits
mailing list