[Git][security-tracker-team/security-tracker][master] Associate CVE-2023-26920 with node-webfont
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 21 09:36:50 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ceef7530 by Salvatore Bonaccorso at 2026-02-21T10:36:19+01:00
Associate CVE-2023-26920 with node-webfont
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -296391,7 +296391,10 @@ CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 al
CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
NOT-FOR-US: quectel
CVE-2023-26920 (fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.)
- NOT-FOR-US: fast-xml-parser
+ - node-webfont <undetermined>
+ NOTE: https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7
+ NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804 (4.2.1)
+ NOTE: node-webfont provides node-fast-xml-parser
CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
NOT-FOR-US: delight-nashorn-sandbox
CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceef7530f00faefaa06a9781a8da6e4d05a1bfbe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceef7530f00faefaa06a9781a8da6e4d05a1bfbe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260221/6a93d86c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list