Update CVE and NVD data
GSD-automation committed Apr 21, 2024
1 parent 7db95bc commit eddb7b4
Showing 25 changed files with 933 additions and 108 deletions.
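--- a/2015/10xxx/GSD-2015-10132.json
+++ b/2015/10xxx/GSD-2015-10132.json
@@ -0,0 +1,38 @@
+{
+"gsd": {
+"metadata": {
+"exploitCode": "unknown",
+"remediation": "unknown",
+"reportConfidence": "confirmed",
+"type": "vulnerability"
+},
+"osvSchema": {
+"aliases": [
+"CVE-2015-10132"
+],
+"id": "GSD-2015-10132",
+"modified": "2024-04-21T05:00:54.861505Z",
+"schema_version": "1.4.0"
+}
+},
+"namespaces": {
+"cve.org": {
+"CVE_data_meta": {
+"ASSIGNER": "[email protected]",
+"ID": "CVE-2015-10132",
+"STATE": "RESERVED"
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+}
+]
+}
+}
+}
+}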
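Review bot: `"reportConfidence": "confirmed"` in the `gsd.metadata` block is not supported by anything else in this record, whose cve.org namespace is `"STATE": "RESERVED"` and carries only the placeholder description. A consumer that filters or prioritises on `reportConfidence` would count this placeholder as a confirmed vulnerability. For reserved entries I would emit `"reportConfidence": "unknown"`, in line with the `exploitCode` and `remediation` fields beside it (assuming the schema accepts that value), until the CVE is published. The same applies to 2018/25xxx/GSD-2018-25101.json.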
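--- a/2018/25xxx/GSD-2018-25101.json
+++ b/2018/25xxx/GSD-2018-25101.json
@@ -0,0 +1,38 @@
+{
+"gsd": {
+"metadata": {
+"exploitCode": "unknown",
+"remediation": "unknown",
+"reportConfidence": "confirmed",
+"type": "vulnerability"
+},
+"osvSchema": {
+"aliases": [
+"CVE-2018-25101"
+],
+"id": "GSD-2018-25101",
+"modified": "2024-04-21T05:02:45.593909Z",
+"schema_version": "1.4.0"
+}
+},
+"namespaces": {
+"cve.org": {
+"CVE_data_meta": {
+"ASSIGNER": "[email protected]",
+"ID": "CVE-2018-25101",
+"STATE": "RESERVED"
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+}
+]
+}
+}
+}
+}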
207 changes: 126 additions & 81 deletions 2023/5xxx/GSD-2023-5752.json
Expand Up @@ -38,9 +38,16 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.3"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "unaffected",
"version": "23.3"
}
]
}
}
]
}
Expand Down Expand Up @@ -114,6 +121,11 @@
"name": "https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/",
"refsource": "MISC",
"url": "https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/[email protected]/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/"
}
]
},
Expand All @@ -122,94 +134,127 @@
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
"cve": {
"configurations": [
{
"children": [],
"cpe_match": [
"nodes": [
{
"cpe23Uri": "cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.3",
"vulnerable": true
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349B8FCB-AAFF-42A1-BCDF-D40EF91FC62E",
"versionEndExcluding": "23.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
]
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2023-5752"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When installing a package from a Mercurial VCS URL (ie \"pip install \nhg+...\") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the \"hg clone\" \ncall (ie \"--config\"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren't installing from Mercurial.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
],
"descriptions": [
{
"lang": "en",
"value": "When installing a package from a Mercurial VCS URL (ie \"pip install \nhg+...\") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the \"hg clone\" \ncall (ie \"--config\"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren't installing from Mercurial.\n"
},
{
"lang": "es",
"value": "Al instalar un paquete desde una URL de Mercurial VCS (es decir, \"pip install hg+...\") con pip anterior a v23.3, la revisi\u00f3n de Mercurial especificada podr\u00eda usarse para inyectar opciones de configuraci\u00f3n arbitrarias a la llamada \"hg clone\" (es decir, \" --config\u201d). Controlar la configuraci\u00f3n de Mercurial puede modificar c\u00f3mo y qu\u00e9 repositorio se instala. Esta vulnerabilidad no afecta a los usuarios que no instalan desde Mercurial."
}
],
"id": "CVE-2023-5752",
"lastModified": "2024-04-21T03:15:44.820",
"metrics": {
"cvssMetricV31": [
{
"name": "https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/"
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "[email protected]",
"type": "Primary"
},
{
"name": "https://github.com/pypa/pip/pull/12306",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/pypa/pip/pull/12306"
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "[email protected]",
"type": "Secondary"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"published": "2023-10-25T18:17:44.867",
"references": [
{
"source": "[email protected]",
"tags": [
"Patch"
],
"url": "https://github.com/pypa/pip/pull/12306"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-11-03T14:55Z",
"publishedDate": "2023-10-25T18:17Z"
{
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "[email protected]",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "[email protected]",
"type": "Secondary"
}
]
}
}
}
}
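Review bot: The affected range for pip is lost for consumers of the v4 fields in the first hunk, where the cve.org `version_data` entry now carries `"version_value": "not down converted"` in place of `"version_affected": "<"` and `"version_value": "23.3"`. The range survives in `x_cve_json_5_version_data` and in the NVD `versionEndExcluding`, but only for tools that read those keys; a scanner matching on the v4 pair gets a string that is not a version. I would keep the v4 pair alongside the extension block: `"version_affected": "<"`, `"version_name": "0"`, `"version_value": "23.3"`. If the sentinel comes from an upstream converter and cannot be changed here, the repository documentation should tell consumers to fall back to `versionEndExcluding` when they see it.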
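--- a/2024/27xxx/GSD-2024-27316.json
+++ b/2024/27xxx/GSD-2024-27316.json
@@ -92,6 +92,16 @@
 "name": "https://security.netapp.com/advisory/ntap-20240415-0013/",
 "refsource": "MISC",
 "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
+},
+{
+"name": "https://lists.fedoraproject.org/archives/list/[email protected]/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/",
+"refsource": "MISC",
+"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/"
+},
+{
+"name": "https://lists.fedoraproject.org/archives/list/[email protected]/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/",
+"refsource": "MISC",
+"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/"
 }
 ]
 },
@@ -112,13 +122,29 @@
 }
 ],
 "id": "CVE-2024-27316",
-"lastModified": "2024-04-05T12:40:52.763",
+"lastModified": "2024-04-21T04:15:08.147",
 "metrics": {},
 "published": "2024-04-04T20:15:08.720",
 "references": [
 {
 "source": "[email protected]",
 "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+},
+{
+"source": "[email protected]",
+"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/"
+},
+{
+"source": "[email protected]",
+"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/"
+},
+{
+"source": "[email protected]",
+"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/"
+},
+{
+"source": "[email protected]",
+"url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
 }
 ],
 "sourceIdentifier": "[email protected]",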