[Git][security-tracker-team/security-tracker][master] Triage CVE-2022-29078 in node-ejs for stretch LTS.

Chris Lamb (@lamby) Fri, 29 Apr 2022 10:10:43 -0700


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker



Commits:
a7b4e5f2 by Chris Lamb at 2022-04-29T10:10:09-07:00
Triage CVE-2022-29078 in node-ejs for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2333,6 +2333,7 @@ CVE-2022-29079
        RESERVED
 CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for 
Node.js  ...)
        - node-ejs 3.1.7-1 (bug #1010359)
+       [stretch] - node-ejs <end-of-life> (Node not covered by security 
support)
        NOTE: https://eslam.io/posts/ejs-server-side-template-injection-rce/
        NOTE: 
https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf 
(v3.1.7)
 CVE-2022-29077 (A heap-based buffer overflow exists in rippled before 1.8.5. 
The vulne ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7b4e5f2a5e8177834675fd4668c1f3140bb703f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7b4e5f2a5e8177834675fd4668c1f3140bb703f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Triage CVE-2022-29078 in node-ejs for stretch LTS.

Reply via email to