[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4990/yii, itp'ed

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ae023f3 by Salvatore Bonaccorso at 2025-03-20T22:33:00+01:00
Add CVE-2024-4990/yii, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -426,7 +426,7 @@ CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, specif
 CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflo ...)
 	NOT-FOR-US: D-Link
 CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class contains a vu ...)
-	TODO: check
+	- yii <itp> (bug #597899)
 CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in flatpressb ...)
 	TODO: check
 CVE-2024-48591 (Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ae023f36e45bd795bd17c50f2c70610c153d41e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ae023f36e45bd795bd17c50f2c70610c153d41e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/79121438/attachment.htm>