[Git][security-tracker-team/security-tracker][master] Add CVE-2024-37890/node-ws
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 17 22:01:29 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8187559 by Salvatore Bonaccorso at 2024-06-17T23:00:52+02:00
Add CVE-2024-37890/node-ws
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,14 @@ CVE-2024-37893 (Firefly III is a free and open source personal finance manager.
CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. When using ...)
TODO: check
CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. A reques ...)
- TODO: check
+ - node-ws <unfixed>
+ NOTE: https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
+ NOTE: https://github.com/websockets/ws/issues/2230
+ NOTE: https://github.com/websockets/ws/pull/2231
+ NOTE: https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c (8.17.1)
+ NOTE: https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f (7.5.10)
+ NOTE: https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 (6.2.3)
+ NOTE: https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e (5.2.4)
CVE-2024-37848 (SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 al ...)
NOT-FOR-US: Online-Bookstore-Project-In-PHP
CVE-2024-37840 (SQL injection vulnerability in processscore.php in Itsourcecode Learni ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8187559b5245a9c7ccf7d72421ecb13615c116c
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8187559b5245a9c7ccf7d72421ecb13615c116c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240617/eeaab4f9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list