[Git][security-tracker-team/security-tracker][master] CVE-2021-43138/node-async not-affected

Wed, 13 Apr 2022 03:07:05 -0700 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71c5c5ed by Neil Williams at 2022-04-13T11:06:26+01:00
CVE-2021-43138/node-async not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32374,7 +32374,10 @@ CVE-2021-43140 (SQL Injection vulnerability exists in 
Sourcecodester. Simple Sub
 CVE-2021-43139
        RESERVED
 CVE-2021-43138 (A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) 
, which ...)
-       TODO: check
+       - node-async <not-affected> (Vulnerable code introduced later)
+       NOTE: 
https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d 
(3.2.2)
+       NOTE: https://github.com/caolan/async/pull/1828
+       NOTE: https://jsfiddle.net/oz5twjd9/
 CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery 
(CSRF) vulne ...)
        NOT-FOR-US: hostel management system
 CVE-2021-43136 (An authentication bypass issue in FormaLMS &lt;= 2.4.4 allows 
an attac ...)
@@ -40449,7 +40452,7 @@ CVE-2021-40376 (otris Update Manager 1.2.1.0 allows 
local users to achieve SYSTE
 CVE-2021-40375 (Apperta Foundation OpenEyes 3.5.1 allows remote attackers to 
view the  ...)
        NOT-FOR-US: Apperta Foundation OpenEyes
 CVE-2021-40374 (A stored cross-site scripting (XSS) vulnerability was 
identified in Ap ...)
-       TODO: check
+       NOT-FOR-US: Apperta Foundation OpenEyes
 CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by 
entering PHP c ...)
        NOT-FOR-US: playSMS
 CVE-2021-40372



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71c5c5ed74e8ef3665620ae25703356adfc22aad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71c5c5ed74e8ef3665620ae25703356adfc22aad
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to