Skip to content

Commit

Permalink
"-Synchronized-Data."
Browse files Browse the repository at this point in the history
  • Loading branch information
@cve-team
cve-team committed Jun 24, 2022
1 parent 36a0a29 commit 25463c7
Show file tree
Hide file tree
Showing 24 changed files with 1,354 additions and 141 deletions.
7 changes: 4 additions & 3 deletions 2022/21xxx/CVE-2022-21231.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,16 +48,17 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-DEEPGETSET-2342655"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DEEPGETSET-2342655",
"name": "https://snyk.io/vuln/SNYK-JS-DEEPGETSET-2342655"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function.\r\n\r\n**Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7715](https://security.snyk.io/vuln/SNYK-JS-DEEPGETSET-598666)\r\n\r\n\r\n"
"value": "All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7715](https://security.snyk.io/vuln/SNYK-JS-DEEPGETSET-598666)"
}
]
},
Expand Down
66 changes: 60 additions & 6 deletions 2022/30xxx/CVE-2022-30885.json
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://pypi.doubanio.com/simple/request",
"refsource": "MISC",
"name": "http://pypi.doubanio.com/simple/request"
},
{
"url": "https://pypi.org/project/pyesasky/",
"refsource": "MISC",
"name": "https://pypi.org/project/pyesasky/"
},
{
"url": "https://github.com/esdc-esac-esa-int/pyesasky/issues/39",
"refsource": "MISC",
"name": "https://github.com/esdc-esac-esa-int/pyesasky/issues/39"
}
]
}
Expand Down
66 changes: 60 additions & 6 deletions 2022/32xxx/CVE-2022-32996.json
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32996",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://pypi.doubanio.com/simple/request",
"refsource": "MISC",
"name": "http://pypi.doubanio.com/simple/request"
},
{
"url": "https://pypi.org/project/django-navbar-client/",
"refsource": "MISC",
"name": "https://pypi.org/project/django-navbar-client/"
},
{
"url": "https://github.com/josubg/django_navbar_client/issues/1",
"refsource": "MISC",
"name": "https://github.com/josubg/django_navbar_client/issues/1"
}
]
}
Expand Down
66 changes: 60 additions & 6 deletions 2022/32xxx/CVE-2022-32997.json
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://pypi.doubanio.com/simple/request",
"refsource": "MISC",
"name": "http://pypi.doubanio.com/simple/request"
},
{
"url": "https://pypi.org/project/RootInteractive/",
"refsource": "MISC",
"name": "https://pypi.org/project/RootInteractive/"
},
{
"url": "https://github.com/miranov25/RootInteractive/issues/206",
"refsource": "MISC",
"name": "https://github.com/miranov25/RootInteractive/issues/206"
}
]
}
Expand Down
66 changes: 60 additions & 6 deletions 2022/32xxx/CVE-2022-32998.json
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32998",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://pypi.doubanio.com/simple/request",
"refsource": "MISC",
"name": "http://pypi.doubanio.com/simple/request"
},
{
"url": "https://pypi.org/project/cryptoasset-data-downloader/",
"refsource": "MISC",
"name": "https://pypi.org/project/cryptoasset-data-downloader/"
},
{
"url": "https://github.com/serhatci/cryptocurrency-historical-data-downloader/issues/8",
"refsource": "MISC",
"name": "https://github.com/serhatci/cryptocurrency-historical-data-downloader/issues/8"
}
]
}
Expand Down
Loading

0 comments on commit 25463c7

Please sign in to comment.