Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 283e4fce by Salvatore Bonaccorso at 2026-06-17T22:27:12+02:00 Add new node-undici issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,13 +1,17 @@ CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls option when ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g CVE-2026-9690 (Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4. ...) NOT-FOR-US: WordPress plugin or theme CVE-2026-9679 (Impact: undici's cookie parser in parseSetCookie percent-decodes cooki ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-p88m-4jfj-68fv CVE-2026-9678 (Impact: Undici's cache interceptor incorrectly classifies some respons ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6 CVE-2026-9675 (Impact: The undici WebSocket client enforces maxPayloadSize per-frame ...) - TODO: check + - node-undici <not-affected> (Vulnerable code not present) + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq CVE-2026-9591 (Cross-site request forgery (CSRF) in NewsItemApiController in SimplCom ...) TODO: check CVE-2026-9570 (The Taskbuilder WordPress plugin before 5.0.8 does not properly sanit ...) @@ -25,9 +29,11 @@ CVE-2026-7850 (The WP Magnific Popup WordPress plugin through 1.0 does not prope CVE-2026-7300 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) NOT-FOR-US: RTI Connext CVE-2026-6734 (Impact: When using Socks5ProxyAgent, undici reuses a single connection ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj CVE-2026-6733 (Impact: Undici's HTTP/1.1 client is vulnerable to response queue poiso ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52 CVE-2026-5667 (Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Roo ...) NOT-FOR-US: Mitsubishi CVE-2026-55743 (The shell tool command allowlist in the SecurityPolicy of OpenHuman de ...) @@ -405,7 +411,8 @@ CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 al CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell with PayP ...) NOT-FOR-US: WordPress plugin CVE-2026-12151 (Impact: The undici WebSocket client enforces maxPayloadSize on the cum ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q CVE-2026-12115 (The Counter Box \u2013 Add Countdowns, Timers & Dynamic Counters to Wo ...) NOT-FOR-US: WordPress plugin CVE-2026-11975 (Stored cross-site scripting (XSS) in NewsItemApiControllerIn SimplComm ...) @@ -415,7 +422,8 @@ CVE-2026-11858 (Quanos SCHEMA ST4 on-premises contains a local privilege escalat CVE-2026-11857 (Quanos SCHEMA ST4 on-premises contains a local privilege escalation vu ...) TODO: check CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any SameSit ...) - TODO: check + - node-undici <unfixed> + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX Gateway Fabr ...) TODO: check CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to submit arbitr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/283e4fce0b7b3ff8e9b0a8b11bd96f113ec4ce6e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/283e4fce0b7b3ff8e9b0a8b11bd96f113ec4ce6e You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
