Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cac40105 by Salvatore Bonaccorso at 2025-02-14T20:38:57+01:00
Add new node-dompurify issue (CVE-2025-26791)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,8 @@
+CVE-2025-26791 [conditional and config dependent mXSS-style bypass]
+       - node-dompurify <unfixed>
+       [bookworm] - node-dompurify <no-dsa> (Minor issue)
+       NOTE: Fixed by: 
https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
 (3.2.4)
+       NOTE: https://ensy.zip/posts/dompurify-323-bypass/
 CVE-2025-26789 (An issue was discovered in Logpoint AgentX before 1.5.0. A 
vulnerabili ...)
        NOT-FOR-US: Logpoint AgentX
 CVE-2025-26788 (StrongKey FIDO Server before 4.15.1 treats a non-discoverable 
(namedcr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac40105e3451f1b57796cb8c8a7fe524b65937d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac40105e3451f1b57796cb8c8a7fe524b65937d
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to