[Git][security-tracker-team/security-tracker][master] CVE-2024-31211/wordpress assigned

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 5 10:10:53 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5153f32b by Salvatore Bonaccorso at 2024-04-05T11:10:21+02:00
CVE-2024-31211/wordpress assigned

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,8 +16,6 @@ CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, whe
 	TODO: check
 CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL  ...)
 	NOT-FOR-US: InstantCMS
-CVE-2024-31211 (WordPress is an open publishing platform for the Web. Unserialization  ...)
-	TODO: check
 CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...)
 	TODO: check
 CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou Dectalk web A ...)
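Review bot: The stub removed here, between CVE-2024-31212 and CVE-2024-31210, sat where the id sorts among its neighbours, while the surviving CVE-2024-31211 entry stays at the old placeholder position in the next hunk, between CVE-2022-48615 and CVE-2023-6536. Consider moving the triaged block (package line, release annotations and NOTE lines) up to this spot instead of deleting the stub, so that a reader scanning the CVE-2024-312xx range finds it next to the other WordPress entry, CVE-2024-31210, which is still marked `TODO: check`.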
@@ -27026,11 +27024,12 @@ CVE-2022-48616 (A Huawei data communication product has a command injection vuln
 	NOT-FOR-US: Huawei
 CVE-2022-48615 (An improper access control vulnerability exists in a Huawei datacom pr ...)
 	NOT-FOR-US: Huawei
-CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token class]
+CVE-2024-31211 [RCE vulnerability in WP_HTML_Token class]
 	- wordpress 6.4.2+dfsg1-1
 	[bookworm] - wordpress <not-affected> (Vulnerable code not present)
 	[bullseye] - wordpress <not-affected> (Vulnerable code not present)
 	[buster] - wordpress <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m257-q4m5-j653
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information
 	NOTE: https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
 CVE-2023-6536 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
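Review bot: The `<not-affected> (Vulnerable code not present)` lines for bookworm, bullseye and buster and the fixed version `6.4.2+dfsg1-1` are carried over unchanged from the CVE-2023-XXXX placeholder, so they predate the GHSA advisory that this hunk adds as a NOTE. It is worth confirming that the affected version range in that advisory still agrees with those annotations now that the id is assigned. None of the three NOTE lines points at the upstream fixing commit; adding one would let the not-affected claim be checked against the code rather than against the release notes and the Wordfence post alone.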



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5153f32b63a3be05cd5897ef40ed68dbe78aa559
