[Git][security-tracker-team/security-tracker][master] Add CVE-2025-3573/civicrm
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 17 16:34:34 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e01f810e by Salvatore Bonaccorso at 2025-04-17T17:34:15+02:00
Add CVE-2025-3573/civicrm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1599,7 +1599,10 @@ CVE-2025-3576 (A vulnerability in the MIT Kerberos implementation allows GSSAPI-
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
TODO: check upstream details
CVE-2025-3573 (Versions of the package jquery-validation before 1.20.0 are vulnerable ...)
- TODO: check
+ - civicrm <unfixed>
+ NOTE: https://github.com/jquery-validation/jquery-validation/pull/2462
+ NOTE: https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902
+ NOTE: civicrm embedds jquery-validation
CVE-2025-3470 (The TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32997 (In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequest ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e01f810e281130e2cbf38dceb5d9106c4b7a0d79
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e01f810e281130e2cbf38dceb5d9106c4b7a0d79
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250417/6afeb255/attachment.htm>
More information about the debian-security-tracker-commits
mailing list