[Git][security-tracker-team/security-tracker][master] Add CVE-2026-6322/node-ajv

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f2e7ab9 by Salvatore Bonaccorso at 2026-05-05T21:42:59+02:00
Add CVE-2026-6322/node-ajv

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,10 @@ CVE-2026-7411 (In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-mileston
 CVE-2026-6918 (In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote a ...)
 	TODO: check
 CVE-2026-6322 (fast-uri normalize() decoded percent-encoded authority delimiters insi ...)
-	TODO: check
+	- node-ajv <unfixed>
+	NOTE: https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc
+	NOTE: https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293 (v3.1.2)
+	NOTE: Embedded fast-uri used and provided as node-fast-uri
 CVE-2026-6262 (The Betheme theme for WordPress is vulnerable to Arbitrary File Deleti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6261 (The Betheme theme for WordPress is vulnerable to Arbitrary File Upload ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f2e7ab94cd696f7f5e1daf9ad5fc9717bf40516

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f2e7ab94cd696f7f5e1daf9ad5fc9717bf40516
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/443135b3/attachment.htm>