[Git][security-tracker-team/security-tracker][master] Add CVE-2023-26141/ruby-sidekiq
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 19 07:33:48 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0914e4ef by Salvatore Bonaccorso at 2023-09-19T08:33:01+02:00
Add CVE-2023-26141/ruby-sidekiq
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32277,7 +32277,9 @@ CVE-2023-26143
CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
TODO: check
CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ...)
- TODO: check
+ - ruby-sidekiq <unfixed>
+ NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
+ NOTE: https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 (v7.1.3)
CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerab ...)
NOT-FOR-US: excalidraw
CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are vulnerable ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0914e4ef109034fb8c207301852816f05e50cff7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0914e4ef109034fb8c207301852816f05e50cff7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230919/5b173091/attachment.htm>
More information about the debian-security-tracker-commits
mailing list