diff --git a/advisories/github-reviewed/2022/05/GHSA-2655-q453-22f9/GHSA-2655-q453-22f9.json b/advisories/github-reviewed/2022/05/GHSA-2655-q453-22f9/GHSA-2655-q453-22f9.json
index 6edb98216c1..3f6badea85f 100644
--- a/advisories/github-reviewed/2022/05/GHSA-2655-q453-22f9/GHSA-2655-q453-22f9.json
+++ b/advisories/github-reviewed/2022/05/GHSA-2655-q453-22f9/GHSA-2655-q453-22f9.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2655-q453-22f9",
- "modified": "2023-08-29T22:33:16Z",
+ "modified": "2024-09-18T18:56:00Z",
 "published": "2022-05-17T05:10:31Z",
 "aliases": [
 "CVE-2012-4520"
@@ -9,13 +9,20 @@
 "summary": "Django Allows Arbitrary URL Generation",
 "details": "The `django.http.HttpRequest.get_host` function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.",
 "severity": [
-
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+ }
 ],
 "affected": [
 {
 "package": {
 "ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
 },
 "ranges": [
 {
@@ -34,7 +41,7 @@
 {
 "package": {
 "ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
 },
 "ranges": [
 {
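Review bot: The `"name": "django"` to `"name": "Django"` change under `affected[].package` (hunk `@@ -9,13 +9,20 @@`, repeated in `@@ -34,7 +41,7 @@` and in the `@@ -12,13 +12,17 @@` and `@@ -37,7 +41,7 @@` hunks of GHSA-vjjp-9r83-22rc.json) moves the PyPI name away from its PEP 503 normalized form, which is lowercase. The OSV schema describes PyPI `name` values as normalized names, so a scanner that compares this field byte-for-byte against an installed or locked `django` could stop matching both advisories and silently report nothing. I would keep `"name": "django"`, or confirm that every consumer of this feed normalizes package names before comparing. Both `affected` entries continue past the end of their hunks.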
@@ -70,39 +77,7 @@
 },
 {
 "type": "WEB",
- "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
- },
- {
- "type": "WEB",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164"
- },
- {
- "type": "WEB",
- "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
- },
- {
- "type": "WEB",
- "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
- },
- {
- "type": "WEB",
- "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
- },
- {
- "type": "WEB",
- "url": "https://ubuntu.com/usn/usn-1632-1"
- },
- {
- "type": "WEB",
- "url": "https://ubuntu.com/usn/usn-1757-1"
- },
- {
- "type": "WEB",
- "url": "https://web.archive.org/web/20140417023920/http://securitytracker.com/id?1027708"
- },
- {
- "type": "WEB",
- "url": "https://www.debian.org/security/2013/dsa-2634"
+ "url": "https://www.openwall.com/lists/oss-security/2012/10/30/4"
 },
 {
 "type": "WEB",
@@ -110,14 +85,86 @@
 },
 {
 "type": "WEB",
- "url": "https://www.openwall.com/lists/oss-security/2012/10/30/4"
+ "url": "https://www.debian.org/security/2013/dsa-2634"
+ },
+ {
+ "type": "WEB",
+ "url": "https://web.archive.org/web/20140417023920/http://securitytracker.com/id?1027708"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ubuntu.com/usn/usn-1757-1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ubuntu.com/usn/usn-1632-1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-7.yaml"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/django/django"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
+ },
+ {
+ "type": "WEB",
+ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
+ },
+ {
+ "type": "WEB",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
+ },
+ {
+ "type": "WEB",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
+ },
+ {
+ "type": "WEB",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
+ },
+ {
+ "type": "WEB",
+ "url": "http://ubuntu.com/usn/usn-1632-1"
+ },
+ {
+ "type": "WEB",
+ "url": "http://ubuntu.com/usn/usn-1757-1"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.debian.org/security/2013/dsa-2634"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2012/10/30/4"
 }
 ],
 "database_specific": {
 "cwe_ids": [
 "CWE-20"
 ],
- "severity": "MODERATE",
+ "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2023-08-29T22:33:16Z",
 "nvd_published_at": "2012-11-18T23:55:00Z"
diff --git a/advisories/github-reviewed/2022/05/GHSA-vjjp-9r83-22rc/GHSA-vjjp-9r83-22rc.json b/advisories/github-reviewed/2022/05/GHSA-vjjp-9r83-22rc/GHSA-vjjp-9r83-22rc.json
index 51dccee5244..d58eee87e32 100644
--- a/advisories/github-reviewed/2022/05/GHSA-vjjp-9r83-22rc/GHSA-vjjp-9r83-22rc.json
+++ b/advisories/github-reviewed/2022/05/GHSA-vjjp-9r83-22rc/GHSA-vjjp-9r83-22rc.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-vjjp-9r83-22rc",
- "modified": "2023-08-28T23:57:36Z",
+ "modified": "2024-09-18T18:57:02Z",
 "published": "2022-05-17T04:56:46Z",
 "aliases": [
 "CVE-2013-4315"
@@ -12,13 +12,17 @@
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
 }
 ],
 "affected": [
 {
 "package": {
 "ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
 },
 "ranges": [
 {
@@ -37,7 +41,7 @@
 {
 "package": {
 "ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
 },
 "ranges": [
 {
@@ -71,6 +75,10 @@
 "type": "PACKAGE",
 "url": "https://github.com/django/django"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2013-20.yaml"
+ },
 {
 "type": "WEB",
 "url": "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued"
@@ -83,14 +91,6 @@
 "type": "WEB",
 "url": "http://rhn.redhat.com/errata/RHSA-2013-1521.html"
 },
- {
- "type": "WEB",
- "url": "http://secunia.com/advisories/54772"
- },
- {
- "type": "WEB",
- "url": "http://secunia.com/advisories/54828"
- },
 {
 "type": "WEB",
 "url": "http://www.debian.org/security/2013/dsa-2755"
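Review bot: In the `@@ -110,14 +85,86 @@` hunk of GHSA-2655-q453-22f9.json, the last eight added `references` objects are `http://` copies of URLs that the same list already carries as `https://` (bugs.debian.org, the three lists.fedoraproject.org posts, the two ubuntu.com USNs, the debian.org dsa-2634 page and the openwall post). They add no information, defeat any consumer that de-duplicates references by exact string, and point readers at the plaintext variant of a security notice. I would drop those eight objects so the list ends at `"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"`.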
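Review bot: The CVSS v4 vector added in the `@@ -12,13 +12,17 @@` hunk of GHSA-vjjp-9r83-22rc.json disagrees with the v3.1 vector kept directly above it. The v3.1 entry says `S:C/C:H`, meaning the confidentiality impact crosses out of the vulnerable component, while the new v4 entry places the whole impact on the vulnerable system (`VC:H`) and records `SC:N/SI:N/SA:N`. The two entries should describe the same impact: either the v3.1 scope should be `S:U`, or the v4 vector should carry the cross-boundary impact in `SC`. Which one is right depends on the advisory details, which sit outside this hunk, so this needs confirming against them before merge.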