Update CVE and NVD data
GSD-automation committed Mar 27, 2024
1 parent 4d8e16b commit 3a58a1b
Showing 266 changed files with 12,036 additions and 481 deletions.
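--- a/2017/20xxx/GSD-2017-20190.json
+++ b/2017/20xxx/GSD-2017-20190.json
@@ -0,0 +1,34 @@
+{
+"namespaces": {
+"nvd.nist.gov": {
+"cve": {
+"descriptions": [
+{
+"lang": "en",
+"value": "Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a \"Zalgo text\" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability."
+}
+],
+"id": "CVE-2017-20190",
+"lastModified": "2024-03-27T00:15:07.580",
+"metrics": {},
+"published": "2024-03-27T00:15:07.580",
+"references": [
+{
+"source": "cve@mitre.org",
+"url": "https://aka.ms/windowsbugbar"
+},
+{
+"source": "cve@mitre.org",
+"url": "https://en.wikipedia.org/wiki/Zalgo_text"
+},
+{
+"source": "cve@mitre.org",
+"url": "https://talk.dynalist.io/t/dynalist-is-vulnerable-to-zalgo/1234"
+}
+],
+"sourceIdentifier": "cve@mitre.org",
+"vulnStatus": "Received"
+}
+}
+}
+}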
232 changes: 127 additions & 105 deletions 2021/23xxx/GSD-2021-23439.json
@@ -152,124 +152,146 @@
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
"cve": {
"configurations": [
{
"children": [],
"cpe_match": [
"nodes": [
{
"cpe23Uri": "cpe:2.3:a:file-upload-with-preview_project:file-upload-with-preview:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.0",
"vulnerable": true
"cpeMatch": [
{
"criteria": "cpe:2.3:a:johndatserakis:file-upload-with-preview:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "F05B3E2C-09B6-477A-A2D1-8C4A4162D18D",
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
]
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2021-23439"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)."
}
]
},
"problemtype": {
"problemtype_data": [
],
"descriptions": [
{
"lang": "en",
"value": "This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)."
},
{
"lang": "es",
"value": "Esto afecta al paquete file-upload-with-preview versiones anteriores a 4.2.0. Un archivo que contenga c\u00f3digo JavaScript malicioso en el nombre puede ser cargado (un usuario necesita ser enga\u00f1ado para que cargue dicho archivo)"
}
],
"id": "CVE-2021-23439",
"lastModified": "2024-03-26T11:44:31.903",
"metrics": {
"cvssMetricV2": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/johndatserakis/file-upload-with-preview/pull/40/files?file-filters%5B%5D=.js&hide-deleted-files=true%23diff-fe47b243de17419c0daa22cd785cd754baed60cf3679d3da1d6fe006f9f4a7f0R174"
},
],
"cvssMetricV31": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-FILEUPLOADWITHPREVIEW-1579492"
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Broken Link"
],
"url": "https://github.com/johndatserakis/file-upload-with-preview/blob/develop/src/file-upload-with-preview.js%23L168"
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "report@snyk.io",
"type": "Secondary"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
"published": "2021-09-05T14:15:07.370",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Broken Link"
],
"url": "https://github.com/johndatserakis/file-upload-with-preview/blob/develop/src/file-upload-with-preview.js%23L168"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-09-10T19:46Z",
"publishedDate": "2021-09-05T14:15Z"
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/johndatserakis/file-upload-with-preview/pull/40/files?file-filters%5B%5D=.js&hide-deleted-files=true%23diff-fe47b243de17419c0daa22cd785cd754baed60cf3679d3da1d6fe006f9f4a7f0R174"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-FILEUPLOADWITHPREVIEW-1579492"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
17 changes: 17 additions & 0 deletions 2021/36xxx/GSD-2021-36759.json
@@ -37,6 +37,23 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-35342. Reason: This candidate is a reservation duplicate of CVE-2021-35342. Notes: All CVE users should reference CVE-2021-35342 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"id": "CVE-2021-36759",
"lastModified": "2024-03-26T15:15:48.070",
"metrics": {},
"published": "2024-03-26T15:15:48.070",
"references": [],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Rejected"
}
}
}
}
10 changes: 9 additions & 1 deletion 2022/38xxx/GSD-2022-38223.json
@@ -154,7 +154,7 @@
}
],
"id": "CVE-2022-38223",
"lastModified": "2024-03-23T03:15:08.677",
"lastModified": "2024-03-27T03:15:10.003",
"metrics": {
"cvssMetricV31": [
{
@@ -202,9 +202,17 @@
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
}
],
"sourceIdentifier": "cve@mitre.org",