Package: node-set-value
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security, upstream

Hi,

The following vulnerability was published for node-set-value.

CVE-2021-23440[0]:
| This affects the package set-value before 4.0.1. A type confusion
| vulnerability can lead to a bypass of CVE-2019-10747 when the user-
| provided keys used in the path parameter are arrays.

CVE-2019-10747 was reported as Debian bug 941189. [1]

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23440
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23440
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941189

Please adjust the affected versions in the BTS as needed.

-- 
Neil Williams
=============
https://linux.codehelp.co.uk/
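
The type confusion described in the report, as an added example that is not part of the original message and is not set-value's own code: a guard that compares keys with `!==` accepts an array such as `['__proto__']`, which JavaScript coerces to the string `__proto__` when it is used as a property name. The function names and the constructed path below are assumptions made for illustration.

```javascript
// Illustrative only: not the set-value source. All names here are hypothetical.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Weak guard: strict comparison assumes every key is already a string.
function naiveIsSafeKey(key) {
  return key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
}

// Hardened guard: accept only strings and finite numbers, so the value that
// is checked is the same value the engine uses as the property name.
function strictIsSafeKey(key) {
  if (typeof key === 'number') return Number.isFinite(key);
  if (typeof key !== 'string') return false;
  return !BLOCKED.has(key);
}

// Setter that validates every path segment before touching the target.
function setPath(target, path, value) {
  const keys = Array.isArray(path) ? path : String(path).split('.');
  if (keys.length === 0 || !keys.every(strictIsSafeKey)) {
    throw new TypeError('unsafe or non-primitive key in path');
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    // Only follow own properties; never walk into inherited ones.
    const own = Object.prototype.hasOwnProperty.call(node, key);
    const next = own ? node[key] : undefined;
    if (next === null || typeof next !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Constructed input: a path whose first segment is an array, not a string.
const constructedPath = [['__proto__'], 'flag'];

function demo() {
  const out = {
    naiveAccepts: naiveIsSafeKey(constructedPath[0]), // array !== string
    coercesTo: String(constructedPath[0]),            // name used on access
    rejected: false,
  };
  try { setPath({}, constructedPath, true); } catch (e) { out.rejected = e instanceof TypeError; }
  out.polluted = Object.prototype.hasOwnProperty.call(Object.prototype, 'flag');
  return out;
}
```
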