[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-39592/node-undici

Sun, 28 Jul 2024 13:28:04 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bb1ccd8 by Salvatore Bonaccorso at 2024-07-28T22:27:08+02:00
Update status for CVE-2024-39592/node-undici

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4822,13 +4822,13 @@ CVE-2024-39593 (SAP Landscape Management allows an 
authenticated user to read co
 CVE-2024-39592 (Elements of PDCE does not perform necessary authorization 
checks for a ...)
        NOT-FOR-US: SAP
 CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Depend ...)
-       - node-undici <unfixed>
-       [bookworm] - node-undici <no-dsa> (Minor issue)
+       - node-undici <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq
        NOTE: https://github.com/nodejs/undici/issues/3328
        NOTE: https://github.com/nodejs/undici/issues/3337
        NOTE: https://github.com/nodejs/undici/pull/3338
-       NOTE: 
https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36
 (v6.14.0)
+       NOTE: Introduced by: 
https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36
 (v6.14.0)
+       NOTE: Fixed by: 
https://github.com/nodejs/undici/commit/035524e71756f1f6e2f9886f3c7227394bdb5363
 (v6.19.2)
 CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo 
\u2013 Chat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Zealo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bb1ccd86195c28c23256469398fd8bd7b0084f2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bb1ccd86195c28c23256469398fd8bd7b0084f2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to