github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge branch 'github:main' into main

This commit is contained in:
Mustapha BARKI 2024-09-17 17:17:27 +01:00 коммит произвёл GitHub
Родитель 6905620eba 1509e7a6a4
Коммит b480774cba
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
913 изменённых файлов: 23106 добавлений и 1816 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

29
advisories/github-reviewed/2018/07/GHSA-3jqw-crqj-w8qw/GHSA-3jqw-crqj-w8qw.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3jqw-crqj-w8qw",
"modified": "2024-05-16T18:38:37Z",
"modified": "2024-09-16T22:34:20Z",
"published": "2018-07-23T19:51:35Z",
"aliases": [
"CVE-2011-4137"
@ -9,20 +9,27 @@
"summary": "Denial of service in django",
"details": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "0"
},
{
"fixed": "1.2.7"
@ -34,14 +41,14 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.3.0"
"introduced": "1.3"
},
{
"fixed": "1.3.1"
@ -76,6 +83,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-2.yaml"
},
{
"type": "WEB",
"url": "https://hermes.opensuse.org/messages/14700881"
@ -100,10 +111,6 @@
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/09/15/5"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46614"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2332"
@ -113,7 +120,7 @@
"cwe_ids": [
"CWE-1088"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:55:25Z",
"nvd_published_at": null

21
advisories/github-reviewed/2018/07/GHSA-5j2h-h5hg-3wf8/GHSA-5j2h-h5hg-3wf8.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5j2h-h5hg-3wf8",
"modified": "2024-05-16T18:44:20Z",
"modified": "2024-09-16T21:30:38Z",
"published": "2018-07-23T19:51:10Z",
"aliases": [
"CVE-2011-0696"
@ -9,7 +9,14 @@
"summary": "Cross-site request forgery in Django",
"details": "Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a \"combination of browser plugins and redirects,\" a related issue to CVE-2011-0447.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -22,7 +29,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.1.0"
"introduced": "1.1"
},
{
"fixed": "1.1.4"
@ -41,7 +48,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.2"
},
{
"fixed": "1.2.5"
@ -76,6 +83,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-10.yaml"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html"
@ -149,7 +160,7 @@
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:16:24Z",
"nvd_published_at": null

14
advisories/github-reviewed/2018/07/GHSA-5mc5-5j6c-qmf9/GHSA-5mc5-5j6c-qmf9.json
Просмотреть файл

@ -1,17 +1,21 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5mc5-5j6c-qmf9",
"modified": "2021-09-01T22:16:38Z",
"modified": "2024-09-13T14:35:01Z",
"published": "2018-07-13T16:01:01Z",
"aliases": [
"CVE-2017-7235"
],
"summary": "High severity vulnerability that affects cfscrape",
"summary": "cfscrape Improper Input Validation vulnerability",
"details": "An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -61,7 +65,11 @@
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97191"
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cfscrape/PYSEC-2017-7.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170701161512/http://www.securityfocus.com/bid/97191"
}
],
"database_specific": {

41
advisories/github-reviewed/2018/07/GHSA-7g9h-c88w-r7h2/GHSA-7g9h-c88w-r7h2.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7g9h-c88w-r7h2",
"modified": "2024-05-16T18:42:40Z",
"modified": "2024-09-16T21:55:42Z",
"published": "2018-07-23T19:52:31Z",
"aliases": [
"CVE-2011-0698"
@ -9,7 +9,14 @@
"summary": "Directory traversal in Django",
"details": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -22,7 +29,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.1.0"
"introduced": "1.1"
},
{
"fixed": "1.1.4"
@ -41,7 +48,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.2"
},
{
"fixed": "1.2.5"
@ -74,11 +81,19 @@
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/02/09/6"
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43230"
"url": "https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/02/09/6"
},
{
"type": "WEB",
@ -87,25 +102,13 @@
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46296"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0372"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0439"
}
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"severity": "HIGH",
"severity": "CRITICAL",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:22:48Z",
"nvd_published_at": null

45
advisories/github-reviewed/2018/07/GHSA-7wph-fc4w-wqp2/GHSA-7wph-fc4w-wqp2.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7wph-fc4w-wqp2",
"modified": "2024-05-21T20:19:56Z",
"modified": "2024-09-17T15:03:58Z",
"published": "2018-07-23T19:51:59Z",
"aliases": [
"CVE-2010-4535"
@ -9,7 +9,14 @@
"summary": "Improper date handling in Django",
"details": "The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
@ -41,7 +48,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.2"
},
{
"fixed": "1.2.4"
@ -76,6 +83,14 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-9.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228193349/http://www.securityfocus.com/bid/45563"
},
{
"type": "WEB",
"url": "http://code.djangoproject.com/changeset/15032"
@ -88,18 +103,6 @@
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42715"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42827"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42913"
},
{
"type": "WEB",
"url": "http://www.djangoproject.com/weblog/2010/dec/22/security"
@ -112,21 +115,9 @@
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/5"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/45563"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1040-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0048"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0098"
}
],
"database_specific": {

63
advisories/github-reviewed/2018/07/GHSA-8m3r-rv5g-fcpq/GHSA-8m3r-rv5g-fcpq.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8m3r-rv5g-fcpq",
"modified": "2024-03-07T21:56:36Z",
"modified": "2024-09-16T21:47:18Z",
"published": "2018-07-23T21:01:00Z",
"aliases": [
"CVE-2011-0697"
@ -9,20 +9,27 @@
"summary": "Cross-site scripting in django",
"details": "Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.1.0"
"introduced": "1.1"
},
{
"fixed": "1.1.4"
@ -34,14 +41,14 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.2"
},
{
"fixed": "1.2.5"
@ -84,6 +91,30 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-11.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110521033304/http://secunia.com/advisories/43297"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110521033309/http://secunia.com/advisories/43382"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110521033314/http://secunia.com/advisories/43426"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html"
@ -111,26 +142,6 @@
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1066-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0372"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0388"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0429"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0439"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0441"
}
],
"database_specific": {

18
advisories/github-reviewed/2018/07/GHSA-8p5c-f328-9fvv/GHSA-8p5c-f328-9fvv.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8p5c-f328-9fvv",
"modified": "2022-04-26T18:15:07Z",
"modified": "2024-09-16T13:49:58Z",
"published": "2018-07-13T16:01:21Z",
"aliases": [
"CVE-2017-0359"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -55,14 +59,26 @@
"type": "WEB",
"url": "https://github.com/anthraxx/diffoscope/commit/f379d1f611dbd5d361e12b732e07c8aee45ff226"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/854723"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-8p5c-f328-9fvv"
},
{
"type": "PACKAGE",
"url": "https://github.com/anthraxx/diffoscope"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/diffoscope/PYSEC-2018-83.yaml"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0359"

14
advisories/github-reviewed/2018/07/GHSA-9pv8-q5rx-c8gq/GHSA-9pv8-q5rx-c8gq.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9pv8-q5rx-c8gq",
"modified": "2023-08-07T16:57:38Z",
"modified": "2024-09-16T22:58:59Z",
"published": "2018-07-13T15:16:59Z",
"aliases": [
"CVE-2017-16764"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -53,10 +57,18 @@
"type": "WEB",
"url": "https://github.com/illagrenan/django-make-app/commit/acd814433d1021aa8783362521b0bd151fdfc9d2"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9pv8-q5rx-c8gq"
},
{
"type": "PACKAGE",
"url": "https://github.com/illagrenan/django-make-app"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-make-app/PYSEC-2017-79.yaml"
},
{
"type": "WEB",
"url": "https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app"

22
advisories/github-reviewed/2018/07/GHSA-fcf9-3qw3-gxmj/GHSA-fcf9-3qw3-gxmj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-fcf9-3qw3-gxmj",
"modified": "2024-02-23T20:24:24Z",
"modified": "2024-09-13T18:13:03Z",
"published": "2018-07-31T18:28:09Z",
"aliases": [
"CVE-2018-10903"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -48,13 +52,29 @@
"type": "WEB",
"url": "https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fcf9-3qw3-gxmj"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/cryptography"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3720-1"
}
],
"database_specific": {

49
advisories/github-reviewed/2018/07/GHSA-fwr5-q9rx-294f/GHSA-fwr5-q9rx-294f.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-fwr5-q9rx-294f",
"modified": "2024-05-21T20:21:49Z",
"modified": "2024-09-16T22:56:41Z",
"published": "2018-07-23T19:51:40Z",
"aliases": [
"CVE-2010-4534"
@ -9,13 +9,20 @@
"summary": "Improper query string handling in Django",
"details": "The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -34,14 +41,14 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.2"
},
{
"fixed": "1.2.4"
@ -76,6 +83,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html"
@ -100,18 +111,6 @@
"type": "WEB",
"url": "http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42715"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42827"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42913"
},
{
"type": "WEB",
"url": "http://www.djangoproject.com/weblog/2010/dec/22/security"
@ -124,25 +123,9 @@
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/5"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/515446"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/45562"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1040-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0048"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0098"
}
],
"database_specific": {

23
advisories/github-reviewed/2018/07/GHSA-fxpg-gg9g-76gj/GHSA-fxpg-gg9g-76gj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-fxpg-gg9g-76gj",
"modified": "2024-03-07T21:50:30Z",
"modified": "2024-09-16T22:57:31Z",
"published": "2018-07-23T19:52:42Z",
"aliases": [
"CVE-2010-3082"
@ -9,20 +9,27 @@
"summary": "Cross-site scripting in django",
"details": "Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.2"
},
{
"fixed": "1.2.2"
@ -57,6 +64,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2010-12.yaml"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security&m=128403961700444&w=2"
@ -65,10 +76,6 @@
"type": "WEB",
"url": "http://www.djangoproject.com/weblog/2010/sep/08/security-release"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/43116"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1004-1"

37
advisories/github-reviewed/2018/07/GHSA-h95j-h2rv-qrg4/GHSA-h95j-h2rv-qrg4.json
Просмотреть файл

@ -1,21 +1,28 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h95j-h2rv-qrg4",
"modified": "2021-09-14T17:15:58Z",
"modified": "2024-09-16T22:05:38Z",
"published": "2018-07-23T19:51:19Z",
"aliases": [
"CVE-2011-4140"
],
"summary": "Moderate severity vulnerability that affects django",
"summary": "Django Cross-Site Request Forgery vulnerability",
"details": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -25,7 +32,7 @@
"introduced": "0"
},
{
"fixed": "1.2.7"
"last_affected": "1.2.7"
}
]
}
@ -34,17 +41,17 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.3.0"
"introduced": "1.3"
},
{
"fixed": "1.3.1"
"last_affected": "1.3.1"
}
]
}
@ -68,10 +75,18 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-5.yaml"
},
{
"type": "WEB",
"url": "https://hermes.opensuse.org/messages/14700881"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140806062902/http://secunia.com/advisories/46614"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2011/sep/09"
@ -88,10 +103,6 @@
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46614"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2332"
@ -101,7 +112,7 @@
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:39:45Z",
"nvd_published_at": null

10
advisories/github-reviewed/2018/07/GHSA-hxf9-7h4c-f5jv/GHSA-hxf9-7h4c-f5jv.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hxf9-7h4c-f5jv",
"modified": "2022-04-26T18:07:11Z",
"modified": "2024-09-16T21:24:24Z",
"published": "2018-07-12T20:30:40Z",
"aliases": [
"CVE-2018-6596"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -73,6 +77,10 @@
"type": "WEB",
"url": "https://github.com/anymail/django-anymail/releases/tag/v1.3"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-anymail/PYSEC-2018-7.yaml"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4107"

10
advisories/github-reviewed/2018/07/GHSA-m85c-9mf8-m2m6/GHSA-m85c-9mf8-m2m6.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m85c-9mf8-m2m6",
"modified": "2023-08-23T22:09:03Z",
"modified": "2024-09-13T18:29:06Z",
"published": "2018-07-18T18:28:26Z",
"aliases": [
"CVE-2017-16763"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -61,6 +65,10 @@
"type": "PACKAGE",
"url": "https://github.com/bbengfort/confire"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/confire/PYSEC-2017-78.yaml"
},
{
"type": "WEB",
"url": "https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16763-configure-loaded-through-confire"

39
advisories/github-reviewed/2018/07/GHSA-pvhp-v9qp-xf5r/GHSA-pvhp-v9qp-xf5r.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pvhp-v9qp-xf5r",
"modified": "2023-08-31T21:39:49Z",
"modified": "2024-09-16T23:00:29Z",
"published": "2018-07-23T19:50:48Z",
"aliases": [
"CVE-2011-4103"
@ -9,7 +9,14 @@
"summary": "Django-piston and Django-tastypie do not properly deserialize YAML data",
"details": "emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.\n\nDjango Tastypie has a very similar vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -29,28 +36,6 @@
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "<= 0.2.2.0"
}
},
{
"package": {
"ecosystem": "PyPI",
"name": "django-piston"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0.2.2.2"
},
{
"fixed": "0.2.3"
}
]
}
]
}
],
@ -75,6 +60,10 @@
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-pvhp-v9qp-xf5r"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-piston/PYSEC-2014-24.yaml"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases"
@ -92,7 +81,7 @@
"cwe_ids": [
"CWE-20"
],
"severity": "HIGH",
"severity": "CRITICAL",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:50:09Z",
"nvd_published_at": null

31
advisories/github-reviewed/2018/07/GHSA-x88j-93vc-wpmp/GHSA-x88j-93vc-wpmp.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x88j-93vc-wpmp",
"modified": "2024-05-16T18:41:00Z",
"modified": "2024-09-16T23:03:58Z",
"published": "2018-07-23T19:52:39Z",
"aliases": [
"CVE-2011-4136"
@ -9,23 +9,30 @@
"summary": "Session manipulation in Django",
"details": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.3.0"
"introduced": "0"
},
{
"fixed": "1.3.1"
"fixed": "1.2.7"
}
]
}
@ -34,17 +41,17 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.2.0"
"introduced": "1.3"
},
{
"fixed": "1.2.7"
"fixed": "1.3.1"
}
]
}
@ -76,6 +83,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-1.yaml"
},
{
"type": "WEB",
"url": "https://hermes.opensuse.org/messages/14700881"
@ -96,10 +107,6 @@
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46614"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2332"

14
advisories/github-reviewed/2018/07/GHSA-xp5m-4c9f-498q/GHSA-xp5m-4c9f-498q.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-xp5m-4c9f-498q",
"modified": "2023-09-05T18:25:18Z",
"modified": "2024-09-16T23:02:16Z",
"published": "2018-07-13T15:17:18Z",
"aliases": [
"CVE-2017-6591"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -34,6 +38,14 @@
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xp5m-4c9f-498q"
},
{
"type": "PACKAGE",
"url": "https://github.com/barraq/django-epiceditor"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-epiceditor/PYSEC-2017-86.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170706013108/http://www.morningchen.com/2017/03/09/Cross-site-scripting-vulnerability-in-django-epiceditor"

50
advisories/github-reviewed/2018/10/GHSA-5hg3-6c2f-f3wr/GHSA-5hg3-6c2f-f3wr.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5hg3-6c2f-f3wr",
"modified": "2024-05-07T20:42:24Z",
"modified": "2024-09-17T15:06:31Z",
"published": "2018-10-04T21:58:46Z",
"aliases": [
"CVE-2018-14574"
@ -12,32 +12,17 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.15"
}
]
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -52,6 +37,25 @@
]
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.11"
},
{
"fixed": "1.11.15"
}
]
}
]
}
],
"references": [
@ -79,6 +83,10 @@
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5hg3-6c2f-f3wr"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3726-1"

10
advisories/github-reviewed/2018/10/GHSA-cf3c-fffp-34qh/GHSA-cf3c-fffp-34qh.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cf3c-fffp-34qh",
"modified": "2023-09-05T15:09:02Z",
"modified": "2024-09-13T18:11:18Z",
"published": "2018-10-29T19:05:38Z",
"aliases": [
"CVE-2018-14572"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -52,6 +56,10 @@
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cf3c-fffp-34qh"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/conference-scheduler-cli/PYSEC-2018-64.yaml"
},
{
"type": "WEB",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/25/cve-2018-14572-conference-scheduler-cli"

16
advisories/github-reviewed/2018/12/GHSA-v4x4-98cg-wr4g/GHSA-v4x4-98cg-wr4g.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v4x4-98cg-wr4g",
"modified": "2023-09-05T17:59:57Z",
"modified": "2024-09-13T20:11:10Z",
"published": "2018-12-26T17:45:19Z",
"aliases": [
"CVE-2018-20325"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
@ -49,16 +53,24 @@
"type": "WEB",
"url": "https://github.com/danijar/definitions/issues/14"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-v4x4-98cg-wr4g"
},
{
"type": "PACKAGE",
"url": "https://github.com/danijar/definitions"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/definitions/PYSEC-2018-82.yaml"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:56:38Z",
"nvd_published_at": null

20
advisories/github-reviewed/2019/01/GHSA-2f9x-5v75-3qv4/GHSA-2f9x-5v75-3qv4.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2f9x-5v75-3qv4",
"modified": "2024-03-07T22:57:21Z",
"modified": "2024-09-17T15:09:40Z",
"published": "2019-01-04T17:50:00Z",
"aliases": [
"CVE-2018-7537"
@ -12,13 +12,17 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -37,7 +41,7 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -56,7 +60,7 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -106,6 +110,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html"
@ -121,10 +129,6 @@
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103357"
}
],
"database_specific": {

14
advisories/github-reviewed/2019/01/GHSA-9gqg-3fxr-9hv7/GHSA-9gqg-3fxr-9hv7.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9gqg-3fxr-9hv7",
"modified": "2023-08-30T23:28:15Z",
"modified": "2024-09-12T20:12:09Z",
"published": "2019-01-25T16:19:09Z",
"aliases": [
"CVE-2017-17836"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -47,6 +51,14 @@
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9gqg-3fxr-9hv7"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-149.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E"

14
advisories/github-reviewed/2019/02/GHSA-rv95-4wxj-6fqq/GHSA-rv95-4wxj-6fqq.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rv95-4wxj-6fqq",
"modified": "2023-09-05T09:29:43Z",
"modified": "2024-09-13T14:26:33Z",
"published": "2019-02-07T18:18:22Z",
"aliases": [
"CVE-2017-18361"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -55,6 +59,14 @@
{
"type": "PACKAGE",
"url": "https://github.com/Pylons/colander"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rv95-4wxj-6fqq"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/colander/PYSEC-2019-167.yaml"
}
],
"database_specific": {

10
advisories/github-reviewed/2019/04/GHSA-5xc6-fpc7-4qvg/GHSA-5xc6-fpc7-4qvg.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5xc6-fpc7-4qvg",
"modified": "2023-09-05T18:40:23Z",
"modified": "2024-09-13T14:31:59Z",
"published": "2019-04-08T15:19:01Z",
"aliases": [
"CVE-2018-12680"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -51,6 +55,10 @@
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5xc6-fpc7-4qvg"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/coapthon/PYSEC-2019-165.yaml"
}
],
"database_specific": {

10
advisories/github-reviewed/2019/04/GHSA-w6j4-3gh2-9f5j/GHSA-w6j4-3gh2-9f5j.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-w6j4-3gh2-9f5j",
"modified": "2023-08-30T23:11:45Z",
"modified": "2024-09-12T20:30:52Z",
"published": "2019-04-18T14:27:40Z",
"aliases": [
"CVE-2019-0229"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -48,6 +52,10 @@
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-215.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"

22
advisories/github-reviewed/2019/05/GHSA-g86p-hgx5-2pfh/GHSA-g86p-hgx5-2pfh.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-g86p-hgx5-2pfh",
"modified": "2022-03-04T21:16:27Z",
"modified": "2024-09-13T17:46:56Z",
"published": "2019-05-29T18:48:11Z",
"aliases": [
"CVE-2019-12300"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -69,6 +73,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12300"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g86p-hgx5-2pfh"
},
{
"type": "PACKAGE",
"url": "https://github.com/buildbot/buildbot"
@ -76,6 +84,18 @@
{
"type": "WEB",
"url": "https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/buildbot/PYSEC-2019-6.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLOM2K4M4723BCLHZJEX52KJXZSEVRL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GXKO7OYLKBTXXXKF4VPHWT7GVYWFVYA"
}
],
"database_specific": {

30
advisories/github-reviewed/2019/07/GHSA-7vvr-h4p5-m7fh/GHSA-7vvr-h4p5-m7fh.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7vvr-h4p5-m7fh",
"modified": "2023-08-07T15:09:13Z",
"modified": "2024-09-13T14:19:43Z",
"published": "2019-07-26T16:10:20Z",
"aliases": [
"CVE-2018-19801"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -40,6 +44,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19801"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh"
},
{
"type": "PACKAGE",
"url": "https://github.com/aubio/aubio"
@ -47,6 +55,26 @@
{
"type": "WEB",
"url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"
}
],
"database_specific": {

10
advisories/github-reviewed/2019/07/GHSA-p3w6-jcg4-52xh/GHSA-p3w6-jcg4-52xh.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p3w6-jcg4-52xh",
"modified": "2022-09-17T00:26:01Z",
"modified": "2024-09-16T21:58:34Z",
"published": "2019-07-02T15:43:41Z",
"aliases": [
"CVE-2019-13177"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -64,6 +68,10 @@
{
"type": "WEB",
"url": "https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-rest-registration/PYSEC-2019-20.yaml"
}
],
"database_specific": {

14
advisories/github-reviewed/2019/08/GHSA-vx6v-2rg6-865h/GHSA-vx6v-2rg6-865h.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vx6v-2rg6-865h",
"modified": "2023-04-20T21:51:43Z",
"modified": "2024-09-16T21:48:51Z",
"published": "2019-08-27T17:39:33Z",
"aliases": [
"CVE-2019-15486"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -57,6 +61,10 @@
"type": "WEB",
"url": "https://github.com/ierror/django-js-reverse/commit/a3b57d1e4424e2fadabcd526d170c4868d55159c"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vx6v-2rg6-865h"
},
{
"type": "PACKAGE",
"url": "https://github.com/ierror/django-js-reverse"
@ -64,6 +72,10 @@
{
"type": "WEB",
"url": "https://github.com/ierror/django-js-reverse/compare/v0.9.0...v0.9.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-js-reverse/PYSEC-2019-19.yaml"
}
],
"database_specific": {

18
advisories/github-reviewed/2019/09/GHSA-pg2f-r7pc-6fxx/GHSA-pg2f-r7pc-6fxx.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pg2f-r7pc-6fxx",
"modified": "2021-08-17T22:19:46Z",
"modified": "2024-09-16T13:44:56Z",
"published": "2019-09-11T22:57:57Z",
"aliases": [
"CVE-2019-11457"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -40,6 +44,18 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11457"
},
{
"type": "PACKAGE",
"url": "https://github.com/MicroPyramid/Django-CRM"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-pg2f-r7pc-6fxx"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-crm/PYSEC-2019-174.yaml"
},
{
"type": "WEB",
"url": "https://www.netsparker.com/blog/web-security"

16
advisories/github-reviewed/2020/01/GHSA-5fq8-3q2f-4m5g/GHSA-5fq8-3q2f-4m5g.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5fq8-3q2f-4m5g",
"modified": "2021-01-08T20:33:14Z",
"modified": "2024-09-16T21:59:21Z",
"published": "2020-01-24T19:56:59Z",
"aliases": [
"CVE-2020-5224"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N"
}
],
"affected": [
@ -47,13 +51,21 @@
{
"type": "WEB",
"url": "https://github.com/jazzband/django-user-sessions/commit/f0c4077e7d1436ba6d721af85cee89222ca5d2d9"
},
{
"type": "PACKAGE",
"url": "https://github.com/Bouke/django-user-sessions"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-user-sessions/PYSEC-2020-230.yaml"
}
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"severity": "LOW",
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2020-01-24T19:56:37Z",
"nvd_published_at": null

10
advisories/github-reviewed/2020/02/GHSA-q65m-pv3f-wr5r/GHSA-q65m-pv3f-wr5r.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-q65m-pv3f-wr5r",
"modified": "2022-10-07T13:11:43Z",
"modified": "2024-09-13T15:05:52Z",
"published": "2020-02-24T17:33:44Z",
"aliases": [
"CVE-2020-6802"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -64,6 +68,10 @@
"type": "PACKAGE",
"url": "https://github.com/mozilla/bleach"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2020-27.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNI"

16
advisories/github-reviewed/2020/03/GHSA-m6xf-fq7q-8743/GHSA-m6xf-fq7q-8743.json
Просмотреть файл

@ -1,17 +1,21 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m6xf-fq7q-8743",
"modified": "2022-10-07T13:07:17Z",
"modified": "2024-09-12T20:49:31Z",
"published": "2020-03-24T15:06:32Z",
"aliases": [
"CVE-2020-6816"
],
"summary": "mutation XSS via whitelisted math or svg and raw tag in Bleach",
"summary": "Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag",
"details": "### Impact\n\nA [mutation XSS](https://cure53.de/fp170.pdf) affects users calling `bleach.clean` with all of:\n\n* the `svg` or `math` in the allowed/whitelisted tags\n* an RCDATA tag (see below) in the allowed/whitelisted tags\n* the keyword argument `strip=False`\n\n### Patches\n\nUsers are encouraged to upgrade to bleach v3.1.2 or greater.\n\n### Workarounds\n\n* modify `bleach.clean` calls to use `strip=True`, or not whitelist `math` or `svg` tags and one or more of the following tags:\n\n```\nscript\nnoscript\nstyle\nnoframes\nxmp\nnoembed\niframe\n```\n\n* A strong [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) without `unsafe-inline` and `unsafe-eval` [`script-src`s](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src)) will also help mitigate the risk.\n\n### References\n\n* https://bugzilla.mozilla.org/show_bug.cgi?id=1621692\n* https://cure53.de/fp170.pdf\n* https://nvd.nist.gov/vuln/detail/CVE-2020-6816\n* https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach\n\n### Credits\n\n* Reported by [Yaniv Nizry](https://twitter.com/ynizry) from the CxSCA AppSec group at Checkmarx\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue at [https://github.com/mozilla/bleach/issues](https://github.com/mozilla/bleach/issues)\n* Email us at [security@mozilla.org](mailto:security@mozilla.org)",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -48,10 +52,18 @@
"type": "WEB",
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4277"
},
{
"type": "PACKAGE",
"url": "https://github.com/mozilla/bleach"
},
{
"type": "WEB",
"url": "https://github.com/mozilla/bleach/releases/tag/v3.1.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2020-28.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5"

14
advisories/github-reviewed/2020/06/GHSA-37cf-r3w2-gjfw/GHSA-37cf-r3w2-gjfw.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-37cf-r3w2-gjfw",
"modified": "2023-09-01T10:17:33Z",
"modified": "2024-09-16T22:30:29Z",
"published": "2020-06-05T16:09:19Z",
"aliases": [
"CVE-2019-10682"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,6 +48,14 @@
"type": "WEB",
"url": "https://github.com/relekang/django-nopassword/commit/d8b4615f5fbfe3997d96cf4cb3e342406396193c"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-37cf-r3w2-gjfw"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-nopassword/PYSEC-2020-229.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/relekang/django-nopassword"

14
advisories/github-reviewed/2020/06/GHSA-m38j-pmg3-v5x5/GHSA-m38j-pmg3-v5x5.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m38j-pmg3-v5x5",
"modified": "2021-01-07T23:50:14Z",
"modified": "2024-09-16T21:26:35Z",
"published": "2020-06-23T19:58:27Z",
"aliases": [
"CVE-2020-4071"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
}
],
"affected": [
@ -48,6 +52,14 @@
"type": "WEB",
"url": "https://github.com/tm-kn/django-basic-auth-ip-whitelist/commit/effe05ed1ed9e1ccc675a65b69d36217e5c5dfc6"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-basic-auth-ip-whitelist/PYSEC-2020-37.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tm-kn/django-basic-auth-ip-whitelist"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!msg/django-developers/iAaq0pvHXuA/fpUuwjK3i2wJ"

18
advisories/github-reviewed/2020/07/GHSA-vhr6-pvjm-9qwf/GHSA-vhr6-pvjm-9qwf.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vhr6-pvjm-9qwf",
"modified": "2021-01-07T23:48:04Z",
"modified": "2024-09-16T21:33:50Z",
"published": "2020-07-10T20:55:00Z",
"aliases": [
"CVE-2020-15105"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -28,7 +32,7 @@
"introduced": "0"
},
{
"fixed": "1.12.0"
"fixed": "1.12"
}
]
}
@ -48,16 +52,24 @@
"type": "WEB",
"url": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359"
},
{
"type": "PACKAGE",
"url": "https://github.com/Bouke/django-two-factor-auth"
},
{
"type": "WEB",
"url": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-two-factor-auth/PYSEC-2020-39.yaml"
}
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"severity": "HIGH",
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2020-07-10T20:52:31Z",
"nvd_published_at": null

10
advisories/github-reviewed/2020/09/GHSA-x7gm-rfgv-w973/GHSA-x7gm-rfgv-w973.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x7gm-rfgv-w973",
"modified": "2022-01-06T20:22:25Z",
"modified": "2024-09-16T22:10:02Z",
"published": "2020-09-28T19:05:29Z",
"aliases": [
"CVE-2020-15225"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -56,6 +60,10 @@
"type": "WEB",
"url": "https://github.com/carltongibson/django-filter/releases/tag/2.4.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-filter/PYSEC-2021-64.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S"

16
advisories/github-reviewed/2020/10/GHSA-hggm-jpg3-v476/GHSA-hggm-jpg3-v476.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hggm-jpg3-v476",
"modified": "2022-07-29T18:12:08Z",
"modified": "2024-09-13T18:16:06Z",
"published": "2020-10-27T20:33:13Z",
"aliases": [
"CVE-2020-25659"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -46,16 +50,24 @@
},
{
"type": "WEB",
"url": "https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b"
"url": "https://github.com/pyca/cryptography/pull/5507"
},
{
"type": "WEB",
"url": "https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-hggm-jpg3-v476"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/cryptography"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/cryptography"

21
advisories/github-reviewed/2021/01/GHSA-hq37-853p-g5cf/GHSA-hq37-853p-g5cf.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hq37-853p-g5cf",
"modified": "2021-01-06T19:12:20Z",
"modified": "2024-09-13T17:42:15Z",
"published": "2021-01-06T16:57:50Z",
"aliases": [
"CVE-2021-21236"
@ -9,7 +9,14 @@
"summary": "Regular Expression Denial of Service in CairoSVG",
"details": "# Doyensec Vulnerability Advisory \n\n* Regular Expression Denial of Service (REDoS) in cairosvg\n* Affected Product: CairoSVG v2.0.0+\n* Vendor: https://github.com/Kozea\n* Severity: Medium\n* Vulnerability Class: Denial of Service\n* Author(s): Ben Caller ([Doyensec](https://doyensec.com))\n\n## Summary\n\nWhen processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).\nIf an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time.\n\n## Technical description\n\nThe vulnerable regular expressions are\n\nhttps://github.com/Kozea/CairoSVG/blob/9c4a982b9a021280ad90e89707eacc1d114e4ac4/cairosvg/colors.py#L190-L191\n\nThe section between 'rgb(' and the final ')' contains multiple overlapping groups.\n\nSince all three infinitely repeating groups accept spaces, a long string of spaces causes catastrophic backtracking when it is not followed by a closing parenthesis.\n\nThe complexity is cubic, so doubling the length of the malicious string of spaces makes processing take 8 times as long.\n\n## Reproduction steps\n\nCreate a malicious SVG of the form:\n\n <svg width=\"1\" height=\"1\"><rect fill=\"rgb( ;\"/></svg>\n\nwith the following code:\n\n '<svg width=\"1\" height=\"1\"><rect fill=\"rgb(' + (' ' * 3456) + ';\"/></svg>'\n\nNote that there is no closing parenthesis before the semi-colon.\n\nRun cairosvg e.g.:\n\n cairosvg cairo-redos.svg -o x.png\n\nand notice that it hangs at 100% CPU. Increasing the number of spaces increases the processing time with cubic complexity.\n\n## Remediation\n\nFix the regexes to avoid overlapping parts. Perhaps remove the [ \\n\\r\\t]* groups from the regex, and use .strip() on the returned capture group.\n\n## Disclosure timeline\n\n- 2020-12-30: Vulnerability disclosed via email to CourtBouillon",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"
}
],
"affected": [
{
@ -45,10 +52,18 @@
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/commit/cfc9175e590531d90384aa88845052de53d94bf3"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kozea/CairoSVG"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/releases/tag/2.5.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cairosvg/PYSEC-2021-5.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/CairoSVG"
@ -58,7 +73,7 @@
"cwe_ids": [
"CWE-400"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2021-01-06T16:57:38Z",
"nvd_published_at": "2021-01-06T17:15:00Z"

25
advisories/github-reviewed/2021/02/GHSA-rhm9-p9w5-fwm7/GHSA-rhm9-p9w5-fwm7.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rhm9-p9w5-fwm7",
"modified": "2023-08-30T22:06:59Z",
"modified": "2024-09-13T18:33:13Z",
"published": "2021-02-10T01:32:27Z",
"aliases": [
"CVE-2020-36242"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -20,6 +24,11 @@
"ecosystem": "PyPI",
"name": "cryptography"
},
"ecosystem_specific": {
"affected_functions": [
"cryptography.hazmat.backends.openssl.ciphers._CipherContext"
]
},
"ranges": [
{
"type": "ECOSYSTEM",
@ -52,6 +61,10 @@
"type": "WEB",
"url": "https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rhm9-p9w5-fwm7"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/cryptography"
@ -64,6 +77,14 @@
"type": "WEB",
"url": "https://github.com/pyca/cryptography/compare/3.3.1...3.3.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E"
@ -82,7 +103,7 @@
"CWE-190",
"CWE-787"
],
"severity": "CRITICAL",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2021-02-10T01:31:02Z",
"nvd_published_at": "2021-02-07T20:15:00Z"

18
advisories/github-reviewed/2021/02/GHSA-vv2x-vrpj-qqpq/GHSA-vv2x-vrpj-qqpq.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vv2x-vrpj-qqpq",
"modified": "2023-08-23T22:57:36Z",
"modified": "2024-09-13T15:15:58Z",
"published": "2021-02-02T17:58:40Z",
"aliases": [
"CVE-2021-23980"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -53,6 +57,10 @@
"type": "WEB",
"url": "https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13"
},
{
"type": "WEB",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4303"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1689399"
@ -65,10 +73,18 @@
"type": "WEB",
"url": "https://cure53.de/fp170.pdf"
},
{
"type": "PACKAGE",
"url": "https://github.com/mozilla/bleach"
},
{
"type": "WEB",
"url": "https://github.com/mozilla/bleach/blob/79b7a3c5e56a09d1d323a5006afa59b56162eb13/CHANGES#L4"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2021-865.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/bleach"

21
advisories/github-reviewed/2021/03/GHSA-cqff-fx2x-p86v/GHSA-cqff-fx2x-p86v.json
Просмотреть файл

@ -1,15 +1,22 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cqff-fx2x-p86v",
"modified": "2021-03-08T15:48:55Z",
"modified": "2024-09-13T15:07:22Z",
"published": "2021-03-08T15:50:10Z",
"aliases": [
],
"summary": "Improper Authentication",
"summary": "botframework-connector vulnerable to Improper Authentication",
"details": "### Impact\nA maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot.\n\n### Patches\nThe problem has been patched in all affected versions. Please see the list of patched versions for the most appropiate one for your individual case.\n\n### Workarounds\nUsers who do not wish or are not able to upgrade can add an authentication configuration containing ClaimsValidator, which throws an exception if Claims are Skill Claims. \n\nFor detailed instructions, see the link in the References section.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Microsoft Bot Builder SDK](https://github.com/microsoft/botframework-sdk)\n* Email us at [bf-reports@microsoft.com](mailto:bf-reports@microsoft.com)",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -104,6 +111,14 @@
"type": "WEB",
"url": "https://github.com/microsoft/botbuilder-python/blob/main/doc/SkillClaimsValidation.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/botframework-connector/PYSEC-2021-422.yaml"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1725"
},
{
"type": "WEB",
"url": "https://pypi.org/project/botframework-connector"

18
advisories/github-reviewed/2021/03/GHSA-v542-8q9x-cffc/GHSA-v542-8q9x-cffc.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v542-8q9x-cffc",
"modified": "2023-09-05T14:34:15Z",
"modified": "2024-09-13T17:49:26Z",
"published": "2021-03-19T21:29:02Z",
"aliases": [
"CVE-2020-35681"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -52,9 +56,21 @@
"type": "WEB",
"url": "https://channels.readthedocs.io/en/stable/releases/index.html"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-v542-8q9x-cffc"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/channels"
},
{
"type": "WEB",
"url": "https://github.com/django/channels/releases"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/channels/PYSEC-2021-113.yaml"
}
],
"database_specific": {

18
advisories/github-reviewed/2021/04/GHSA-2xpj-f5g2-8p7m/GHSA-2xpj-f5g2-8p7m.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2xpj-f5g2-8p7m",
"modified": "2023-08-30T21:16:22Z",
"modified": "2024-09-12T21:06:18Z",
"published": "2021-04-20T16:30:51Z",
"aliases": [
"CVE-2020-17446"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,10 +48,22 @@
"type": "WEB",
"url": "https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0"
},
{
"type": "PACKAGE",
"url": "https://github.com/MagicStack/asyncpg"
},
{
"type": "WEB",
"url": "https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2xpj-f5g2-8p7m"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/asyncpg/PYSEC-2020-24.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html"

10
advisories/github-reviewed/2021/04/GHSA-58c7-px5v-82hh/GHSA-58c7-px5v-82hh.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-58c7-px5v-82hh",
"modified": "2023-03-30T14:48:14Z",
"modified": "2024-09-16T21:29:06Z",
"published": "2021-04-06T17:28:59Z",
"aliases": [
"CVE-2021-21416"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -48,6 +52,10 @@
"type": "WEB",
"url": "https://github.com/ubernostrum/django-registration/commit/2db0bb7ec35636ea46b07b146328b87b2cb13ca5"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-registration/PYSEC-2021-11.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/ubernostrum/django-registration"

20
advisories/github-reviewed/2021/04/GHSA-f248-v4qh-x2r6/GHSA-f248-v4qh-x2r6.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f248-v4qh-x2r6",
"modified": "2023-08-31T16:38:53Z",
"modified": "2024-09-13T17:43:29Z",
"published": "2021-04-20T16:29:41Z",
"aliases": [
"CVE-2020-27589"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -42,16 +46,28 @@
},
{
"type": "WEB",
"url": "https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd"
"url": "https://github.com/blackducksoftware/hub-rest-api-python/pull/113"
},
{
"type": "WEB",
"url": "https://github.com/blackducksoftware/hub-rest-api-python/commit/0a25777117515b8b4ff287a98f57837a8c6bdbdb"
},
{
"type": "WEB",
"url": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-f248-v4qh-x2r6"
},
{
"type": "PACKAGE",
"url": "https://github.com/blackducksoftware/hub-rest-api-python"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/blackduck/PYSEC-2020-26.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/blackduck"

16
advisories/github-reviewed/2021/04/GHSA-ffw3-6mp6-jmvj/GHSA-ffw3-6mp6-jmvj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ffw3-6mp6-jmvj",
"modified": "2024-03-06T22:33:58Z",
"modified": "2024-09-12T20:19:16Z",
"published": "2021-04-07T21:05:57Z",
"aliases": [
"CVE-2021-26559"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -28,7 +32,7 @@
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
"fixed": "2.0.1rc1"
}
]
}
@ -51,6 +55,10 @@
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/5e35926c7eda0dfa11a9623e4bf5f60c2bd6b3f6"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-ffw3-6mp6-jmvj"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
@ -59,6 +67,10 @@
"type": "WEB",
"url": "https://github.com/apache/airflow/blob/486b76438c0679682cf98cb88ed39c4b161cbcc8/CHANGELOG.txt"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-2.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E"

23
advisories/github-reviewed/2021/04/GHSA-pghf-347x-c2gj/GHSA-pghf-347x-c2gj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pghf-347x-c2gj",
"modified": "2021-04-14T22:22:37Z",
"modified": "2024-09-13T20:10:20Z",
"published": "2021-04-16T19:53:28Z",
"aliases": [
"CVE-2021-30459"
@ -9,7 +9,14 @@
"summary": "SQL Injection via in django-debug-toolbar",
"details": "### Impact\nWith Django Debug Toolbar attackers are able to execute SQL by changing the `raw_sql` input of the SQL explain, analyze or select forms and submitting the form.\n\n**NOTE:** This is a high severity issue for anyone using the toolbar in a **production environment**.\n\nGenerally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.\n\n### Patches\nPlease upgrade to one of the following versions, depending on the major version you're using:\n\n- Version 1.x: [django-debug-toolbar 1.11.1](https://pypi.org/project/django-debug-toolbar/1.11.1/)\n- Version 2.x: [django-debug-toolbar 2.2.1](https://pypi.org/project/django-debug-toolbar/2.2.1/)\n- Version 3.x: [django-debug-toolbar 3.2.1](https://pypi.org/project/django-debug-toolbar/3.2.1/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in the [django-debug-toolbar repo](https://github.com/jazzband/django-debug-toolbar/issues/new) (Please NO SENSITIVE INFORMATION, send an email instead!)\n* Email us at [security@jazzband.co](mailto:security@jazzband.co)",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
@ -41,7 +48,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.0.0"
"introduced": "2.0a1"
},
{
"fixed": "2.2.1"
@ -60,7 +67,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.0.0"
"introduced": "3.0a1"
},
{
"fixed": "3.2.1"
@ -83,10 +90,18 @@
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30459"
},
{
"type": "PACKAGE",
"url": "https://github.com/jazzband/django-debug-toolbar"
},
{
"type": "WEB",
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-debug-toolbar/PYSEC-2021-10.yaml"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases"

14
advisories/github-reviewed/2021/04/GHSA-qhx9-7hx7-cp4r/GHSA-qhx9-7hx7-cp4r.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qhx9-7hx7-cp4r",
"modified": "2023-09-05T14:37:12Z",
"modified": "2024-09-13T14:20:37Z",
"published": "2021-04-07T21:05:21Z",
"aliases": [
"CVE-2020-28473"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,10 +48,18 @@
"type": "WEB",
"url": "https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qhx9-7hx7-cp4r"
},
{
"type": "PACKAGE",
"url": "https://github.com/bottlepy/bottle"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/bottle/PYSEC-2021-129.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00019.html"

4
advisories/github-reviewed/2021/04/GHSA-rjmf-p882-645m/GHSA-rjmf-p882-645m.json
Просмотреть файл

@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rjmf-p882-645m",
"modified": "2024-02-13T19:28:56Z",
"modified": "2024-09-16T22:04:44Z",
"published": "2021-04-12T18:51:17Z",
"aliases": [
"CVE-2021-20327"
],
"summary": "mongodb-client-encryption vulnerable to Improper Certificate Validation",
"details": "A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS servers certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that dont use Field Level Encryption.",
"details": "A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS servers certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that dont use Field Level Encryption. This issue affect MongoDB Node.js Driver mongodb-client-encryption module version 1.2.0",
"severity": [
{
"type": "CVSS_V3",

14
advisories/github-reviewed/2021/04/GHSA-vgv5-cxvh-vfxh/GHSA-vgv5-cxvh-vfxh.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vgv5-cxvh-vfxh",
"modified": "2022-11-08T18:16:44Z",
"modified": "2024-09-13T15:17:57Z",
"published": "2021-04-07T20:50:57Z",
"aliases": [
"CVE-2020-26759"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -58,9 +62,17 @@
"type": "WEB",
"url": "https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vgv5-cxvh-vfxh"
},
{
"type": "PACKAGE",
"url": "https://github.com/mymarilyn/clickhouse-driver"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/clickhouse-driver/PYSEC-2021-61.yaml"
}
],
"database_specific": {

10
advisories/github-reviewed/2021/06/GHSA-f6mq-5m25-4r72/GHSA-f6mq-5m25-4r72.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f6mq-5m25-4r72",
"modified": "2023-08-30T00:18:26Z",
"modified": "2024-09-17T15:38:07Z",
"published": "2021-06-15T16:08:16Z",
"aliases": [
"CVE-2021-20329"
@ -48,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca"
},
{
"type": "PACKAGE",
"url": "https://github.com/mongodb/mongo-go-driver"
},
{
"type": "WEB",
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
@ -55,6 +59,10 @@
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/GODRIVER-1923"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0112"
}
],
"database_specific": {

20
advisories/github-reviewed/2021/06/GHSA-fh37-cx83-q542/GHSA-fh37-cx83-q542.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-fh37-cx83-q542",
"modified": "2024-03-25T15:52:20Z",
"modified": "2024-09-12T20:10:22Z",
"published": "2021-06-18T18:30:11Z",
"aliases": [
"CVE-2021-26697"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -28,7 +32,7 @@
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
"fixed": "2.0.1rc1"
}
]
}
@ -55,6 +59,18 @@
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/93957e917ff4cfb0be11aef088bd9527cf728a04"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fh37-cx83-q542"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-3.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E"

16
advisories/github-reviewed/2021/06/GHSA-fvx8-v524-8579/GHSA-fvx8-v524-8579.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-fvx8-v524-8579",
"modified": "2023-08-30T21:23:58Z",
"modified": "2024-09-13T20:13:25Z",
"published": "2021-06-04T21:46:52Z",
"aliases": [
"CVE-2020-17495"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -54,11 +58,19 @@
},
{
"type": "WEB",
"url": "https://github.com/celery/django-celery-results/pull/316/commits/f4af2810dd2f70718a757f733b43225527f6aa3d"
"url": "https://github.com/celery/django-celery-results/commit/ad508fe3433499e5fc94645412d911e174863f28"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fvx8-v524-8579"
},
{
"type": "PACKAGE",
"url": "https://github.com/celery/django-celery-results"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-celery-results/PYSEC-2020-38.yaml"
}
],
"database_specific": {

9
advisories/github-reviewed/2021/06/GHSA-gff3-739c-gxfq/GHSA-gff3-739c-gxfq.json
Просмотреть файл

@ -1,13 +1,14 @@
{
"schema_version": "1.4.0",
"id": "GHSA-gff3-739c-gxfq",
"modified": "2021-06-09T20:39:24Z",
"modified": "2024-09-16T15:03:13Z",
"published": "2021-06-10T17:22:59Z",
"withdrawn": "2024-09-16T15:02:24Z",
"aliases": [
"CVE-2021-32670"
],
"summary": "Reflected cross-site scripting issue in Datasette",
"details": "Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.",
"summary": "Duplicate Advisory: Reflected cross-site scripting issue in Datasette",
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references.\n\n## Original Description\nDatasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.",
"severity": [
{
"type": "CVSS_V3",

32
advisories/github-reviewed/2021/06/GHSA-xw7c-jx9m-xh5g/GHSA-xw7c-jx9m-xh5g.json
Просмотреть файл

@ -1,10 +1,10 @@
{
"schema_version": "1.4.0",
"id": "GHSA-xw7c-jx9m-xh5g",
"modified": "2021-10-05T17:23:33Z",
"modified": "2024-09-16T15:03:38Z",
"published": "2021-06-07T21:47:41Z",
"aliases": [
"CVE-2021-32670"
],
"summary": "Reflected cross-site scripting issue in Datasette",
"details": "### Impact\n\nThe `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability.\n\nThis vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data.\n\n### Patches\n\nDatasette 0.57 and 0.56.1 both include patches for this issue.\n\n### Workarounds\n\nIf you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.\n\n### References\n\n- [OWASP guide to reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks)\n- [Datasette issue #1360](https://github.com/simonw/datasette/issues/1360)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a discussion in [simonw/datasette](https://github.com/simonw/datasette/discussions)\n* Email us at `swillison+datasette @ gmail.com`\n",
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -40,9 +44,33 @@
"type": "WEB",
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g"
},
{
"type": "WEB",
"url": "https://github.com/simonw/datasette/issues/1360"
},
{
"type": "WEB",
"url": "https://datasette.io/plugins/datasette-auth-passwords"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-gff3-739c-gxfq"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2021-89.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/simonw/datasette"
},
{
"type": "WEB",
"url": "https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks"
},
{
"type": "WEB",
"url": "https://pypi.org/project/datasette"
}
],
"database_specific": {

10
advisories/github-reviewed/2021/08/GHSA-69fv-gw6g-8ccg/GHSA-69fv-gw6g-8ccg.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-69fv-gw6g-8ccg",
"modified": "2023-06-13T16:50:04Z",
"modified": "2024-09-12T20:47:21Z",
"published": "2021-08-25T20:43:26Z",
"aliases": [
"CVE-2018-20998"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -63,6 +67,10 @@
"type": "WEB",
"url": "https://github.com/arrayfire/arrayfire-rust/pull/177"
},
{
"type": "WEB",
"url": "https://github.com/arrayfire/arrayfire-rust/commit/a5256f3e5e23b83eaad69699e0b04653aba04fb8"
},
{
"type": "PACKAGE",
"url": "https://github.com/arrayfire/arrayfire-rust"

14
advisories/github-reviewed/2021/08/GHSA-98hv-qff3-8793/GHSA-98hv-qff3-8793.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-98hv-qff3-8793",
"modified": "2021-08-26T19:20:22Z",
"modified": "2024-09-16T22:06:25Z",
"published": "2021-08-30T16:24:08Z",
"aliases": [
"CVE-2020-18704"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,9 +48,17 @@
"type": "WEB",
"url": "https://github.com/fusionbox/django-widgy/issues/387"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-98hv-qff3-8793"
},
{
"type": "PACKAGE",
"url": "https://github.com/fusionbox/django-widgy"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-widgy/PYSEC-2021-336.yaml"
}
],
"database_specific": {

10
advisories/github-reviewed/2021/08/GHSA-9jjr-qqfp-ppwx/GHSA-9jjr-qqfp-ppwx.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9jjr-qqfp-ppwx",
"modified": "2021-08-26T14:47:49Z",
"modified": "2024-09-13T18:05:58Z",
"published": "2021-08-30T16:16:58Z",
"aliases": [
"CVE-2021-39159"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
}
],
"affected": [
@ -60,6 +64,10 @@
{
"type": "PACKAGE",
"url": "https://github.com/jupyterhub/binderhub"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/binderhub/PYSEC-2021-371.yaml"
}
],
"database_specific": {

12
advisories/github-reviewed/2021/09/GHSA-qhmp-h54x-38qr/GHSA-qhmp-h54x-38qr.json
Просмотреть файл

@ -1,17 +1,21 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qhmp-h54x-38qr",
"modified": "2021-10-06T20:37:36Z",
"modified": "2024-09-12T20:54:36Z",
"published": "2021-09-20T20:57:02Z",
"aliases": [
"CVE-2021-39229"
],
"summary": "CWE-730 Regex injection with IFTTT Plugin",
"summary": "Apprise vulnerable to regex injection with IFTTT Plugin",
"details": "### Impact\nAnyone _publicly_ hosting the Apprise library and granting them access to the IFTTT notification service.\n\n### Patches\nUpdate to Apprise v0.9.5.1\n ```bash\n # Install Apprise v0.9.5.1 from PyPI\n pip install apprise==0.9.5.1\n ```\n\nThe patch to the problem was performed [here](https://github.com/caronc/apprise/pull/436/files).\n\n### Workarounds\nAlternatively, if upgrading is not an option, you can safely remove the following file:\n- `apprise/plugins/NotifyIFTTT.py` \n\nThe above will eliminate the ability to use IFTTT, but everything else will work smoothly.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Apprise](https://github.com/caronc/apprise/issues)\n* Email me at [lead2gold@gmail.com](mailto:lead2gold@gmail.com)\n\n### Additional Credit\nGithub would not allow me to additionally credit **Rasmus Petersen**, but I would like to put that here at the very least - thank you for finding and reporting this issue along with those already credited\n\n## Additional Notes:\n- Github would not allow me to add/tag the 2 CWE's this issue is applicable to (only CWE-400). The other is: CWE-730 (placed in the title)\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -66,6 +70,10 @@
{
"type": "WEB",
"url": "https://github.com/caronc/apprise/releases/tag/v0.9.5.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apprise/PYSEC-2021-327.yaml"
}
],
"database_specific": {

19
advisories/github-reviewed/2021/10/GHSA-4cfr-gjfx-fj3x/GHSA-4cfr-gjfx-fj3x.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4cfr-gjfx-fj3x",
"modified": "2021-10-05T15:51:30Z",
"modified": "2024-09-13T17:50:11Z",
"published": "2021-10-05T17:53:11Z",
"aliases": [
"CVE-2021-40324"
@ -9,7 +9,14 @@
"summary": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.",
"details": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -41,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-4cfr-gjfx-fj3x"
},
{
"type": "PACKAGE",
"url": "https://github.com/cobbler/cobbler"
@ -48,6 +59,10 @@
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-374.yaml"
}
],
"database_specific": {

25
advisories/github-reviewed/2021/10/GHSA-c87f-fq5g-63r2/GHSA-c87f-fq5g-63r2.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c87f-fq5g-63r2",
"modified": "2021-10-08T21:32:32Z",
"modified": "2024-09-16T21:51:22Z",
"published": "2021-10-12T17:51:11Z",
"aliases": [
"CVE-2021-42053"
@ -9,7 +9,14 @@
"summary": "Cross-site scripting in Unicorn framework",
"details": "The Unicorn framework through 0.35.3 for Django allows XSS via component.name.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
{
@ -39,7 +46,11 @@
},
{
"type": "WEB",
"url": "https://github.com/adamghill/django-unicorn/pull/288/commits/aa5b9835d946bd9893ef02e556859e3ea62cc5e2"
"url": "https://github.com/adamghill/django-unicorn/pull/288"
},
{
"type": "WEB",
"url": "https://github.com/adamghill/django-unicorn/commit/aa5b9835d946bd9893ef02e556859e3ea62cc5e2"
},
{
"type": "PACKAGE",
@ -49,6 +60,14 @@
"type": "WEB",
"url": "https://github.com/adamghill/django-unicorn/compare/0.35.3...0.36.0"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-c87f-fq5g-63r2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-357.yaml"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164442/django-unicorn-0.35.3-Cross-Site-Scripting.html"

19
advisories/github-reviewed/2021/10/GHSA-cpqf-3c3r-c9g2/GHSA-cpqf-3c3r-c9g2.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cpqf-3c3r-c9g2",
"modified": "2021-10-05T15:57:32Z",
"modified": "2024-09-13T15:11:50Z",
"published": "2021-10-05T17:53:20Z",
"aliases": [
"CVE-2021-40323"
@ -9,7 +9,14 @@
"summary": "Cobbler before 3.3.0 allows log poisoning",
"details": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
@ -41,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cpqf-3c3r-c9g2"
},
{
"type": "PACKAGE",
"url": "https://github.com/cobbler/cobbler"
@ -48,6 +59,10 @@
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-373.yaml"
}
],
"database_specific": {

14
advisories/github-reviewed/2021/10/GHSA-cr3f-r24j-3chw/GHSA-cr3f-r24j-3chw.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cr3f-r24j-3chw",
"modified": "2023-08-08T19:59:06Z",
"modified": "2024-09-13T17:50:35Z",
"published": "2021-10-05T17:53:29Z",
"aliases": [
"CVE-2021-40325"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cr3f-r24j-3chw"
},
{
"type": "PACKAGE",
"url": "https://github.com/cobbler/cobbler"
@ -51,6 +59,10 @@
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-375.yaml"
}
],
"database_specific": {

14
advisories/github-reviewed/2021/10/GHSA-ggmv-6q9p-9gm6/GHSA-ggmv-6q9p-9gm6.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ggmv-6q9p-9gm6",
"modified": "2021-10-19T14:51:11Z",
"modified": "2024-09-16T21:57:56Z",
"published": "2021-10-12T17:51:04Z",
"aliases": [
"CVE-2021-42134"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -51,6 +55,14 @@
{
"type": "WEB",
"url": "https://github.com/adamghill/django-unicorn/compare/0.36.0...0.36.1"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-ggmv-6q9p-9gm6"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-369.yaml"
}
],
"database_specific": {

18
advisories/github-reviewed/2021/10/GHSA-h4m5-qpfp-3mpv/GHSA-h4m5-qpfp-3mpv.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h4m5-qpfp-3mpv",
"modified": "2021-10-27T17:06:39Z",
"modified": "2024-09-12T20:56:02Z",
"published": "2021-10-21T17:49:59Z",
"aliases": [
"CVE-2021-42771"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,6 +48,18 @@
"type": "WEB",
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"type": "WEB",
"url": "https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-h4m5-qpfp-3mpv"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/babel/PYSEC-2021-421.yaml"
},
{
"type": "WEB",
"url": "https://github.com/python-babel/babel"

26
advisories/github-reviewed/2021/10/GHSA-j8fq-86c5-5v2r/GHSA-j8fq-86c5-5v2r.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-j8fq-86c5-5v2r",
"modified": "2022-03-21T19:58:43Z",
"modified": "2024-09-16T13:56:48Z",
"published": "2021-10-27T18:53:48Z",
"aliases": [
"CVE-2021-42343"
@ -12,19 +12,17 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "distributed"
},
"ecosystem_specific": {
"affected_functions": [
"dask.distributed.LocalCluster",
"dask.distributed.Client"
]
"name": "dask"
},
"ranges": [
{
@ -62,9 +60,21 @@
"type": "WEB",
"url": "https://docs.dask.org/en/latest/changelog.html"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-j8fq-86c5-5v2r"
},
{
"type": "WEB",
"url": "https://github.com/dask/dask/tags"
},
{
"type": "PACKAGE",
"url": "https://github.com/dask/distributed"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml"
}
],
"database_specific": {

14
advisories/github-reviewed/2021/11/GHSA-743r-5g92-5vgf/GHSA-743r-5g92-5vgf.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-743r-5g92-5vgf",
"modified": "2021-12-03T15:20:59Z",
"modified": "2024-09-12T20:48:35Z",
"published": "2021-11-24T21:11:16Z",
"aliases": [
"CVE-2021-40829"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -78,6 +82,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40829"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-743r-5g92-5vgf"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-cpp-v2"
@ -101,6 +109,10 @@
{
"type": "WEB",
"url": "https://github.com/awslabs/aws-c-io"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-862.yaml"
}
],
"database_specific": {

14
advisories/github-reviewed/2021/11/GHSA-94jq-q5v2-76wj/GHSA-94jq-q5v2-76wj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-94jq-q5v2-76wj",
"modified": "2021-12-03T15:21:36Z",
"modified": "2024-09-12T21:14:08Z",
"published": "2021-11-24T21:02:24Z",
"aliases": [
"CVE-2021-40828"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -90,6 +94,10 @@
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-python-v2/commit/fd4c0ba04b35eab9e20c635af5548fcc5a92d8be"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-94jq-q5v2-76wj"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-cpp-v2"
@ -109,6 +117,10 @@
{
"type": "WEB",
"url": "https://github.com/awslabs/aws-c-io"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-861.yaml"
}
],
"database_specific": {

14
advisories/github-reviewed/2021/11/GHSA-c4rh-4376-gff4/GHSA-c4rh-4376-gff4.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c4rh-4376-gff4",
"modified": "2021-12-03T15:22:02Z",
"modified": "2024-09-12T20:53:25Z",
"published": "2021-11-24T21:12:04Z",
"aliases": [
"CVE-2021-40830"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -90,6 +94,10 @@
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-python-v2/commit/0450ce68add7e3d05c6d781ecdac953c299c053a"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-c4rh-4376-gff4"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-cpp-v2"
@ -109,6 +117,10 @@
{
"type": "WEB",
"url": "https://github.com/awslabs/aws-c-io"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-863.yaml"
}
],
"database_specific": {

16
advisories/github-reviewed/2021/11/GHSA-j3f7-7rmc-6wqj/GHSA-j3f7-7rmc-6wqj.json
Просмотреть файл

@ -1,17 +1,21 @@
{
"schema_version": "1.4.0",
"id": "GHSA-j3f7-7rmc-6wqj",
"modified": "2021-12-03T15:22:22Z",
"modified": "2024-09-12T20:52:09Z",
"published": "2021-11-24T20:35:03Z",
"aliases": [
"CVE-2021-40831"
],
"summary": "Improper certificate management in AWS IoT Device SDK v2",
"details": "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the systems default trust-store. Attackers with access to a hosts trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS.",
"details": "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been \"overridden\". TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the systems default trust-store. Attackers with access to a hosts trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The `aws_tls_ctx_options_override_default_trust_store_*` function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -90,6 +94,10 @@
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-python-v2/commit/5aef82573202309063eb540b72cee0e565f85a2d"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-j3f7-7rmc-6wqj"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-iot-device-sdk-cpp-v2"
@ -109,6 +117,10 @@
{
"type": "WEB",
"url": "https://github.com/awslabs/aws-c-io"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-864.yaml"
}
],
"database_specific": {

16
advisories/github-reviewed/2021/11/GHSA-vfrc-ggmc-5jwv/GHSA-vfrc-ggmc-5jwv.json
Просмотреть файл

@ -1,17 +1,21 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vfrc-ggmc-5jwv",
"modified": "2021-11-24T19:43:03Z",
"modified": "2024-09-16T21:40:06Z",
"published": "2021-11-23T17:55:46Z",
"aliases": [
"CVE-2021-3950"
],
"summary": "Cross-site Scripting in django-helpdesk",
"details": "django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"details": "django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/django-helpdesk/django-helpdesk/commit/04483bdac3b5196737516398b5ce0383875a5c60"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vfrc-ggmc-5jwv"
},
{
"type": "PACKAGE",
"url": "https://github.com/django-helpdesk/django-helpdesk"
@ -52,6 +60,10 @@
"type": "WEB",
"url": "https://github.com/django-helpdesk/django-helpdesk/releases/tag/0.3.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-helpdesk/PYSEC-2021-431.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e"

25
advisories/github-reviewed/2021/11/GHSA-vx6v-xg64-pmr8/GHSA-vx6v-xg64-pmr8.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vx6v-xg64-pmr8",
"modified": "2021-11-17T21:10:26Z",
"modified": "2024-09-16T22:11:51Z",
"published": "2021-11-15T23:12:41Z",
"aliases": [
"CVE-2021-3945"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -28,11 +32,14 @@
"introduced": "0"
},
{
"last_affected": "0.3.0"
"fixed": "0.3.1"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 0.3.0"
}
}
],
"references": [
@ -44,10 +51,22 @@
"type": "WEB",
"url": "https://github.com/django-helpdesk/django-helpdesk/commit/2c7065e0c4296e0c692fb4a7ee19c7357583af30"
},
{
"type": "WEB",
"url": "https://github.com/django-helpdesk/django-helpdesk/commit/44abb197120a843cce5b5fe8276e4a44b8bb2f48"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vx6v-xg64-pmr8"
},
{
"type": "PACKAGE",
"url": "https://github.com/django-helpdesk/django-helpdesk"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-helpdesk/PYSEC-2021-430.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/745f483c-70ed-441f-ab2e-7ac1305439a4"

14
advisories/github-reviewed/2021/12/GHSA-2v5j-q74q-r53f/GHSA-2v5j-q74q-r53f.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2v5j-q74q-r53f",
"modified": "2021-12-03T15:19:07Z",
"modified": "2024-09-16T21:36:59Z",
"published": "2021-12-03T20:42:26Z",
"aliases": [
"CVE-2021-3994"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/django-helpdesk/django-helpdesk/commit/a22eb0673fe0b7784f99c6b5fd343b64a6700f06"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2v5j-q74q-r53f"
},
{
"type": "PACKAGE",
"url": "https://github.com/django-helpdesk/django-helpdesk"
@ -52,6 +60,10 @@
"type": "WEB",
"url": "https://github.com/django-helpdesk/django-helpdesk/releases/tag/0.3.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-helpdesk/PYSEC-2021-438.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/be7f211d-4bfd-44fd-91e8-682329906fbd"

19
advisories/github-reviewed/2021/12/GHSA-6w9p-88qg-p3g3/GHSA-6w9p-88qg-p3g3.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6w9p-88qg-p3g3",
"modified": "2023-08-31T15:31:45Z",
"modified": "2024-09-13T18:03:57Z",
"published": "2021-12-03T20:44:48Z",
"aliases": [
"CVE-2021-25967"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -32,10 +36,7 @@
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "<= 2.9.3"
}
]
}
],
"references": [
@ -51,10 +52,18 @@
"type": "WEB",
"url": "https://github.com/ckan/ckan/commit/5a46989c0a4f2c2873ca182c196da83b82babd25"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6w9p-88qg-p3g3"
},
{
"type": "PACKAGE",
"url": "https://github.com/ckan/ckan"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2021-841.yaml"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25967"

14
advisories/github-reviewed/2022/01/GHSA-8rh6-h94m-vj54/GHSA-8rh6-h94m-vj54.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8rh6-h94m-vj54",
"modified": "2022-01-04T16:55:20Z",
"modified": "2024-09-13T20:07:10Z",
"published": "2022-01-07T00:01:11Z",
"aliases": [
"CVE-2021-41500"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -48,10 +52,18 @@
"type": "WEB",
"url": "https://github.com/cvxopt/cvxopt/commit/d5a21cf1da62e4269176384b1ff62edac5579f94"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-8rh6-h94m-vj54"
},
{
"type": "PACKAGE",
"url": "https://github.com/cvxopt/cvxopt"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cvxopt/PYSEC-2021-870.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D"

14
advisories/github-reviewed/2022/01/GHSA-9236-8w7q-rmrv/GHSA-9236-8w7q-rmrv.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9236-8w7q-rmrv",
"modified": "2022-01-05T20:41:25Z",
"modified": "2024-09-12T20:50:41Z",
"published": "2022-01-06T21:59:50Z",
"aliases": [
"CVE-2021-4162"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/archivy/archivy/commit/796c3ae318eea183fc88c87ec5a27355b0f6a99d"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9236-8w7q-rmrv"
},
{
"type": "WEB",
"url": "https://github.com/archivy/archivy"
@ -52,6 +60,10 @@
"type": "WEB",
"url": "https://github.com/archivy/archivy/releases/tag/v1.6.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/archivy/PYSEC-2021-869.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/e204a768-2129-4b6f-abad-e436309c7c32"

14
advisories/github-reviewed/2022/01/GHSA-h56g-v4vp-q9q6/GHSA-h56g-v4vp-q9q6.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h56g-v4vp-q9q6",
"modified": "2022-02-04T16:38:23Z",
"modified": "2024-09-13T14:31:05Z",
"published": "2022-01-29T00:00:41Z",
"aliases": [
"CVE-2022-0352"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -44,10 +48,18 @@
"type": "WEB",
"url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-h56g-v4vp-q9q6"
},
{
"type": "PACKAGE",
"url": "https://github.com/janeczku/calibre-web"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-18.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"

14
advisories/github-reviewed/2022/01/GHSA-hx7c-qpfq-xcrp/GHSA-hx7c-qpfq-xcrp.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hx7c-qpfq-xcrp",
"modified": "2022-01-21T13:25:18Z",
"modified": "2024-09-16T21:47:38Z",
"published": "2022-01-13T20:10:53Z",
"aliases": [
"CVE-2021-44649"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -97,10 +101,18 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44649"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-hx7c-qpfq-xcrp"
},
{
"type": "WEB",
"url": "https://github.com/divio/django-cms"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-cms/PYSEC-2022-7.yaml"
},
{
"type": "WEB",
"url": "https://sahildhar.github.io/blogpost/Django-CMS-Reflected-XSS-Vulnerability"

14
advisories/github-reviewed/2022/02/GHSA-4w8p-x6g8-fv64/GHSA-4w8p-x6g8-fv64.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4w8p-x6g8-fv64",
"modified": "2022-02-23T17:39:11Z",
"modified": "2024-09-13T15:04:25Z",
"published": "2022-02-01T00:48:54Z",
"aliases": [
"CVE-2022-0339"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -48,6 +52,10 @@
"type": "WEB",
"url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-4w8p-x6g8-fv64"
},
{
"type": "PACKAGE",
"url": "https://github.com/janeczku/calibre-web"
@ -56,6 +64,10 @@
"type": "WEB",
"url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.16"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-23.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"

14
advisories/github-reviewed/2022/02/GHSA-5946-mpw5-pqxx/GHSA-5946-mpw5-pqxx.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5946-mpw5-pqxx",
"modified": "2022-03-08T18:49:35Z",
"modified": "2024-09-13T18:30:44Z",
"published": "2022-02-21T00:00:20Z",
"aliases": [
"CVE-2021-45083"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -52,6 +56,10 @@
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193671"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5946-mpw5-pqxx"
},
{
"type": "PACKAGE",
"url": "https://github.com/cobbler/cobbler"
@ -64,6 +72,10 @@
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW"

18
advisories/github-reviewed/2022/02/GHSA-65xw-pcqw-hjrh/GHSA-65xw-pcqw-hjrh.json
Просмотреть файл

@ -1,17 +1,21 @@
{
"schema_version": "1.4.0",
"id": "GHSA-65xw-pcqw-hjrh",
"modified": "2024-03-06T22:40:01Z",
"modified": "2024-09-12T19:17:59Z",
"published": "2022-02-26T00:00:45Z",
"aliases": [
"CVE-2021-45229"
],
"summary": "Cross site scripting in apache airflow",
"summary": "Apache Airflow Cross-site Scripting Vulnerability",
"details": "It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -28,7 +32,7 @@
"introduced": "0"
},
{
"fixed": "2.2.4"
"fixed": "2.2.4rc1"
}
]
}
@ -44,10 +48,18 @@
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-65xw-pcqw-hjrh"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk"

14
advisories/github-reviewed/2022/02/GHSA-hhm3-48h2-597v/GHSA-hhm3-48h2-597v.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hhm3-48h2-597v",
"modified": "2023-08-31T15:18:54Z",
"modified": "2024-09-12T21:15:25Z",
"published": "2022-02-02T00:01:46Z",
"aliases": [
"CVE-2021-44451"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -40,10 +44,18 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44451"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-hhm3-48h2-597v"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/superset"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"

12
advisories/github-reviewed/2022/02/GHSA-qhh5-9738-g9mx/GHSA-qhh5-9738-g9mx.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qhh5-9738-g9mx",
"modified": "2023-11-07T22:11:35Z",
"modified": "2024-09-12T20:17:17Z",
"published": "2022-02-09T22:26:32Z",
"aliases": [
"CVE-2020-13922"
@ -12,13 +12,17 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.dolphinscheduler:dolphinscheduler"
"name": "org.apache.dolphinscheduler:dolphinscheduler-api"
},
"ranges": [
{
@ -52,6 +56,10 @@
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/announce%40apache.org/msg06076.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/announce@apache.org/msg06076.html"

10
advisories/github-reviewed/2022/03/GHSA-28mg-98xm-q493/GHSA-28mg-98xm-q493.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-28mg-98xm-q493",
"modified": "2022-03-18T21:19:29Z",
"modified": "2024-09-12T20:36:10Z",
"published": "2022-03-08T00:00:32Z",
"aliases": [
"CVE-2022-0697"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -44,6 +48,10 @@
"type": "WEB",
"url": "https://github.com/archivy/archivy/commit/2d8cb29853190d42572b36deb61127e68d6be574"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-28mg-98xm-q493"
},
{
"type": "PACKAGE",
"url": "https://github.com/archivy/archivy"

6
advisories/github-reviewed/2022/03/GHSA-mcg6-h362-cmq5/GHSA-mcg6-h362-cmq5.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-mcg6-h362-cmq5",
"modified": "2022-03-11T20:52:04Z",
"modified": "2024-09-13T17:40:26Z",
"published": "2022-03-11T20:52:04Z",
"aliases": [
"CVE-2022-0860"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [

6
advisories/github-reviewed/2022/04/GHSA-3r7g-wrpr-j5g4/GHSA-3r7g-wrpr-j5g4.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3r7g-wrpr-j5g4",
"modified": "2022-05-26T20:18:03Z",
"modified": "2024-09-16T21:50:13Z",
"published": "2022-04-22T20:48:28Z",
"aliases": [
"CVE-2022-24857"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [

25
advisories/github-reviewed/2022/04/GHSA-66vw-v2x9-hw75/GHSA-66vw-v2x9-hw75.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-66vw-v2x9-hw75",
"modified": "2024-06-28T18:58:58Z",
"modified": "2024-09-16T17:22:51Z",
"published": "2022-04-30T00:00:35Z",
"aliases": [
"CVE-2022-1227"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -52,25 +56,6 @@
]
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containers/psgo/internal/proc"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.2"
}
]
}
]
}
],
"references": [

14
advisories/github-reviewed/2022/05/GHSA-2cvf-r9jm-4qm9/GHSA-2cvf-r9jm-4qm9.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2cvf-r9jm-4qm9",
"modified": "2023-07-19T20:01:06Z",
"modified": "2024-09-13T15:15:21Z",
"published": "2022-05-13T01:14:22Z",
"aliases": [
"CVE-2019-3830"
@ -11,7 +11,11 @@
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -59,13 +63,17 @@
{
"type": "PACKAGE",
"url": "https://github.com/openstack/ceilometer"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ceilometer/PYSEC-2019-78.yaml"
}
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"severity": "HIGH",
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2023-07-19T20:01:06Z",
"nvd_published_at": "2019-03-26T18:29:00Z"

16
advisories/github-reviewed/2022/05/GHSA-2pqc-gv8q-pvqv/GHSA-2pqc-gv8q-pvqv.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2pqc-gv8q-pvqv",
"modified": "2023-08-03T19:53:31Z",
"modified": "2024-09-16T14:42:41Z",
"published": "2022-05-17T01:57:52Z",
"aliases": [
"CVE-2015-5081"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -44,7 +48,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.1.0"
"introduced": "3.1.0b1"
},
{
"fixed": "3.1.1"
@ -59,10 +63,18 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5081"
},
{
"type": "WEB",
"url": "https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a"
},
{
"type": "WEB",
"url": "https://github.com/django-cms/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-cms/PYSEC-2017-11.yaml"
},
{
"type": "WEB",
"url": "https://www.django-cms.org/en/blog/2015/06/27/311-3014-release"

17
advisories/github-reviewed/2022/05/GHSA-39vm-p9mr-4r27/GHSA-39vm-p9mr-4r27.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-39vm-p9mr-4r27",
"modified": "2024-05-01T10:58:46Z",
"modified": "2024-09-12T21:05:41Z",
"published": "2022-05-17T05:22:19Z",
"aliases": [
"CVE-2012-3458"
@ -9,7 +9,14 @@
"summary": "Beaker Sensitive Information Disclosure vulnerability",
"details": "Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -49,6 +56,10 @@
"type": "PACKAGE",
"url": "https://github.com/bbangert/beaker"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/beaker/PYSEC-2012-1.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140724164516/http://secunia.com/advisories/50226"
@ -68,7 +79,7 @@
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"severity": "MODERATE",
"github_reviewed": true,

6
advisories/github-reviewed/2022/05/GHSA-42q4-9xf9-f67x/GHSA-42q4-9xf9-f67x.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-42q4-9xf9-f67x",
"modified": "2022-08-11T18:25:38Z",
"modified": "2024-09-12T20:36:58Z",
"published": "2022-05-24T19:20:31Z",
"aliases": [
"CVE-2021-41972"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [

12
advisories/github-reviewed/2022/05/GHSA-4fpg-j5mp-783g/GHSA-4fpg-j5mp-783g.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4fpg-j5mp-783g",
"modified": "2024-04-22T22:45:45Z",
"modified": "2024-09-13T15:57:09Z",
"published": "2022-05-13T01:49:46Z",
"aliases": [
"CVE-2018-13390"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"
}
],
"affected": [
@ -43,13 +47,17 @@
{
"type": "WEB",
"url": "https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cloudtoken/PYSEC-2018-1.yaml"
}
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"severity": "MODERATE",
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T22:45:45Z",
"nvd_published_at": "2018-08-10T15:29:00Z"

10
advisories/github-reviewed/2022/05/GHSA-4wcc-jv3p-prqw/GHSA-4wcc-jv3p-prqw.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4wcc-jv3p-prqw",
"modified": "2024-04-29T16:54:38Z",
"modified": "2024-09-13T14:25:50Z",
"published": "2022-05-17T02:52:55Z",
"aliases": [
"CVE-2015-8310"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
@ -52,6 +56,10 @@
"type": "PACKAGE",
"url": "https://github.com/devsnd/cherrymusic"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cherrymusic/PYSEC-2017-100.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227183347/http://www.securityfocus.com/bid/97148"

39
advisories/github-reviewed/2022/05/GHSA-54qj-48vx-cr9f/GHSA-54qj-48vx-cr9f.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-54qj-48vx-cr9f",
"modified": "2024-05-21T20:31:08Z",
"modified": "2024-09-16T21:53:19Z",
"published": "2022-05-01T23:48:43Z",
"aliases": [
"CVE-2008-2302"
@ -9,13 +9,20 @@
"summary": "Django Cross-site scripting (XSS) vulnerability",
"details": "Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -34,7 +41,7 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -53,7 +60,7 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -97,27 +104,27 @@
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30250"
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30291"
"url": "https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1020028"
"url": "https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209"
},
{
"type": "WEB",
"url": "http://www.djangoproject.com/weblog/2008/may/14/security"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/29209"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1618"
}
],
"database_specific": {

43
advisories/github-reviewed/2022/05/GHSA-59w8-4wm2-4xw8/GHSA-59w8-4wm2-4xw8.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-59w8-4wm2-4xw8",
"modified": "2023-08-29T22:31:03Z",
"modified": "2024-09-17T15:14:45Z",
"published": "2022-05-17T05:12:01Z",
"aliases": [
"CVE-2012-3443"
@ -9,13 +9,20 @@
"summary": "Django Image Field Vulnerable to Image Decompression Bombs",
"details": "The `django.forms.ImageField` class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
@ -34,14 +41,14 @@
{
"package": {
"ecosystem": "PyPI",
"name": "django"
"name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.4.0"
"introduced": "1.4"
},
{
"fixed": "1.4.1"
@ -68,6 +75,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-3.yaml"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2012/dsa-2529"
@ -91,6 +102,26 @@
{
"type": "WEB",
"url": "https://www.ubuntu.com/usn/USN-1560-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2529"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/07/31/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/07/31/2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1560-1"
}
],
"database_specific": {
@ -98,7 +129,7 @@
"CWE-20",
"CWE-400"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2023-08-29T22:31:03Z",
"nvd_published_at": "2012-07-31T17:55:00Z"

6
advisories/github-reviewed/2022/05/GHSA-5fp8-c45m-256p/GHSA-5fp8-c45m-256p.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5fp8-c45m-256p",
"modified": "2022-06-21T20:08:57Z",
"modified": "2024-09-12T20:37:55Z",
"published": "2022-05-24T19:20:42Z",
"aliases": [
"CVE-2021-42250"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [

19
advisories/github-reviewed/2022/05/GHSA-5h2q-4hrp-v9rr/GHSA-5h2q-4hrp-v9rr.json
Просмотреть файл

@ -1,15 +1,22 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5h2q-4hrp-v9rr",
"modified": "2024-03-07T21:58:37Z",
"modified": "2024-09-16T21:41:20Z",
"published": "2022-05-17T05:12:01Z",
"aliases": [
"CVE-2012-3444"
],
"summary": "Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer",
"details": "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.",
"details": "The `get_image_dimensions` function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
{
@ -80,6 +87,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued"
@ -109,7 +120,7 @@
"cwe_ids": [
"CWE-119"
],
"severity": "MODERATE",
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2023-04-21T20:17:54Z",
"nvd_published_at": "2012-07-31T17:55:00Z"

37
advisories/github-reviewed/2022/05/GHSA-5v8v-66v8-mwm7/GHSA-5v8v-66v8-mwm7.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5v8v-66v8-mwm7",
"modified": "2022-06-16T23:47:42Z",
"modified": "2024-09-16T13:48:46Z",
"published": "2022-05-24T17:28:21Z",
"aliases": [
"CVE-2020-8927"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -2826,6 +2830,25 @@
]
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "brotli"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.8"
}
]
}
]
}
],
"references": [
@ -2841,6 +2864,10 @@
"type": "WEB",
"url": "https://github.com/github/advisory-database/issues/785"
},
{
"type": "WEB",
"url": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4801"
@ -2897,10 +2924,18 @@
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml"
},
{
"type": "WEB",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"type": "WEB",
"url": "https://github.com/google/brotli/releases/tag/v1.0.8"
},
{
"type": "PACKAGE",
"url": "https://github.com/bitemyapp/brotli2-rs"

14
advisories/github-reviewed/2022/05/GHSA-5x6q-ffwj-8vcf/GHSA-5x6q-ffwj-8vcf.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5x6q-ffwj-8vcf",
"modified": "2024-05-01T10:59:36Z",
"modified": "2024-09-12T20:52:47Z",
"published": "2022-05-17T01:57:32Z",
"aliases": [
"CVE-2015-4082"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@ -52,6 +56,10 @@
"type": "PACKAGE",
"url": "https://github.com/jborg/attic"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/attic/PYSEC-2017-6.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200517225455/http://www.securityfocus.com/bid/74821"
@ -59,6 +67,10 @@
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/05/31/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74821"
}
],
"database_specific": {

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше