[Git][security-tracker-team/security-tracker][master] Add new node-dompurify issue (CVE-2025-26791)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 14 19:39:30 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cac40105 by Salvatore Bonaccorso at 2025-02-14T20:38:57+01:00
Add new node-dompurify issue (CVE-2025-26791)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,8 @@
+CVE-2025-26791 [conditional and config dependent mXSS-style bypass]
+ - node-dompurify <unfixed>
+ [bookworm] - node-dompurify <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02 (3.2.4)
+ NOTE: https://ensy.zip/posts/dompurify-323-bypass/
CVE-2025-26789 (An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerabili ...)
NOT-FOR-US: Logpoint AgentX
CVE-2025-26788 (StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac40105e3451f1b57796cb8c8a7fe524b65937d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac40105e3451f1b57796cb8c8a7fe524b65937d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250214/6739514a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list