Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4d7d25c9 by Salvatore Bonaccorso at 2024-02-25T21:31:08+01:00
Add CVE-2024-21501/node-sanitize-html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -143,7 +143,12 @@ CVE-2024-22395 (Improper access control vulnerability has
been identified in the
CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable
to Use o ...)
NOT-FOR-US: fastecdsa
CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are
vulnerable to ...)
- TODO: check
+ - node-sanitize-html <unfixed>
+ NOTE: https://github.com/apostrophecms/sanitize-html/pull/650
+ NOTE: https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
+ NOTE: https://github.com/apostrophecms/apostrophe/discussions/4436
+ NOTE:
https://github.com/apostrophecms/sanitize-html/commit/075499d1b98c387f4200fd59972ca9b15796b51b
(2.12.1)
+ NOTE:
https://github.com/apostrophecms/sanitize-html/commit/1e2294c8001ce07c89448e03289818da631795ba
(2.12.1)
CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for
WordPress is ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7d25c99a296c4c3337fad73ef29e9f63a88cdf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7d25c99a296c4c3337fad73ef29e9f63a88cdf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
