github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Publish Advisories 

GHSA-2655-q453-22f9
GHSA-vjjp-9r83-22rc
This commit is contained in:
advisory-database[bot] 2024-09-18 18:57:30 +00:00
Родитель 2cc642fb50
Коммит 01530de4ab
2 изменённых файлов: 97 добавлений и 50 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

125
advisories/github-reviewed/2022/05/GHSA-2655-q453-22f9/GHSA-2655-q453-22f9.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2655-q453-22f9",
"modified": "2023-08-29T22:33:16Z",
"modified": "2024-09-18T18:56:00Z",
"published": "2022-05-17T05:10:31Z",
"aliases": [
"CVE-2012-4520"
@ -9,13 +9,20 @@
"summary": "Django Allows Arbitrary URL Generation",
"details": "The `django.http.HttpRequest.get_host` function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -34,7 +41,7 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -70,39 +77,7 @@
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
},
{
"type": "WEB",
"url": "https://ubuntu.com/usn/usn-1632-1"
},
{
"type": "WEB",
"url": "https://ubuntu.com/usn/usn-1757-1"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140417023920/http://securitytracker.com/id?1027708"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2013/dsa-2634"
"url": "https://www.openwall.com/lists/oss-security/2012/10/30/4"
},
{
"type": "WEB",
@ -110,14 +85,86 @@
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2012/10/30/4"
"url": "https://www.debian.org/security/2013/dsa-2634"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140417023920/http://securitytracker.com/id?1027708"
},
{
"type": "WEB",
"url": "https://ubuntu.com/usn/usn-1757-1"
},
{
"type": "WEB",
"url": "https://ubuntu.com/usn/usn-1632-1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-7.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1632-1"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1757-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2634"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/4"
}
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2023-08-29T22:33:16Z",
"nvd_published_at": "2012-11-18T23:55:00Z"

22
advisories/github-reviewed/2022/05/GHSA-vjjp-9r83-22rc/GHSA-vjjp-9r83-22rc.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vjjp-9r83-22rc",
"modified": "2023-08-28T23:57:36Z",
"modified": "2024-09-18T18:57:02Z",
"published": "2022-05-17T04:56:46Z",
"aliases": [
"CVE-2013-4315"
@ -12,13 +12,17 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -37,7 +41,7 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -71,6 +75,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2013-20.yaml"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued"
@ -83,14 +91,6 @@
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1521.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/54772"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/54828"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2755"