[Git][security-tracker-team/security-tracker][master] Add CVE-2026-24001/node-diff

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 22 20:51:54 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
253fe484 by Salvatore Bonaccorso at 2026-01-22T21:51:33+01:00
Add CVE-2026-24001/node-diff

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,7 +85,13 @@ CVE-2026-24006 (Seroval facilitates JS value stringification, including complex
 CVE-2026-24002 (Grist is spreadsheet software using Python as its formula language. Gr ...)
 	NOT-FOR-US: Grist
 CVE-2026-24001 (jsdiff is a JavaScript text differencing implementation. Prior to vers ...)
-	TODO: check
+	- node-diff <unfixed>
+	NOTE: https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx
+	NOTE: https://github.com/kpdecker/jsdiff/issues/653
+	NOTE: https://github.com/kpdecker/jsdiff/pull/649
+	NOTE: Fixed by: https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5 (v8.0.3)
+	NOTE: Fixed by: https://github.com/kpdecker/jsdiff/commit/78017899c4c80d51db805b6e013079cadc6ed0ae (v5.2.1)
+	NOTE: Fixed by: https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683 (v4.0.3)
 CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that provides an A ...)
 	TODO: check
 CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF). Starting  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253fe48438ad78654b6b0d768610efb67112e0d8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253fe48438ad78654b6b0d768610efb67112e0d8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260122/963a10a5/attachment.htm>

More information about the debian-security-tracker-commits mailing list