[Git][security-tracker-team/security-tracker][master] node-path-to-regexp n/a

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68bee799 by Moritz Muehlenhoff at 2024-12-06T14:26:07+01:00
node-path-to-regexp n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,9 @@ CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vuln
 CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the Device Settin ...)
 	NOT-FOR-US: LibreNMS
 CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. In certa ...)
-	TODO: check
+	- node-path-to-regexp <not-affected> (0.1.x never patched in Debian)
+	NOTE: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w
+	NOTE: Incomplete fix for 0.1.x for CVE-2024-45296
 CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68bee79999117126d606759c828bbe6dfff831ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68bee79999117126d606759c828bbe6dfff831ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241206/cd69cea1/attachment.htm>