[Git][security-tracker-team/security-tracker][master] Add CVE-2023-2142/node-nunjucks
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 26 21:06:50 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7cdb876 by Salvatore Bonaccorso at 2024-11-26T22:06:28+01:00
Add CVE-2023-2142/node-nunjucks
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -128026,7 +128026,9 @@ CVE-2023-2144 (A vulnerability was found in Campcodes Online Thesis Archiving Sy
CVE-2023-2143 (The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2142 (In Nunjucks versions prior to version 3.2.4, it was possible to bypas ...)
- TODO: check
+ - node-nunjucks <unfixed>
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1825980
+ NOTE: https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw
CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 2017 th ...)
NOT-FOR-US: DELMIA Apriso
CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso Release ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7cdb876869499420bba5a039617299194ed128f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7cdb876869499420bba5a039617299194ed128f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241126/d6c87523/attachment.htm>
More information about the debian-security-tracker-commits
mailing list