From 03469c178f9721f7b71a424b03f71ce7ee67067f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 13 May 2021 23:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/32xxx/CVE-2021-32615.json | 61 +++++++++++++++++++++++++++++----
 2021/33xxx/CVE-2021-33026.json | 62 ++++++++++++++++++++++++++++++++++
 2 files changed, 117 insertions(+), 6 deletions(-)
 create mode 100644 2021/33xxx/CVE-2021-33026.json
diff --git a/2021/32xxx/CVE-2021-32615.json b/2021/32xxx/CVE-2021-32615.json
index 587b0a7ca83..62109e12e28 100644
--- a/2021/32xxx/CVE-2021-32615.json
+++ b/2021/32xxx/CVE-2021-32615.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-32615",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-32615",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Piwigo/Piwigo/commit/2ce1e5952238eba0fe5c5d6537ebdc76cb970b52",
+ "url": "https://github.com/Piwigo/Piwigo/commit/2ce1e5952238eba0fe5c5d6537ebdc76cb970b52"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Piwigo/Piwigo/issues/1410",
+ "url": "https://github.com/Piwigo/Piwigo/issues/1410"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33026.json b/2021/33xxx/CVE-2021-33026.json
new file mode 100644
index 00000000000..7727abdc6b9
--- /dev/null
+++ b/2021/33xxx/CVE-2021-33026.json
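Review bot: In 2021/32xxx/CVE-2021-32615.json every structured field added under `affects` and `problemtype` is `"n/a"`, although the description in the same hunk names the product and version (Piwigo 11.4.0) and the weakness class (SQL injection). Consumers that match on `product_name`/`version_value` or filter by weakness type instead of parsing free text will not associate this record with Piwigo, so the record would be more useful with `"product_name": "Piwigo"`, `"version_value": "11.4.0"` and a problemtype value of `"CWE-89"`. The description does not state a fixed release, so the referenced commit appears to be the only remediation pointer. The new file 2021/33xxx/CVE-2021-33026.json has the same gap: its description says Flask-Caching through 1.10.1 and Pickle deserialization, which would map to a problemtype of `"CWE-502"`, yet `affects` and `problemtype` are again `"n/a"`.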
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-33026",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sh4nks/flask-caching/pull/209",
+ "refsource": "MISC",
+ "name": "https://github.com/sh4nks/flask-caching/pull/209"
+ }
+ ]
+ }
+}
\ No newline at end of file
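Review bot: The new record ends with `\ No newline at end of file`; adding the final newline keeps the file consistent for line-oriented tools and avoids a spurious change on the next sync. The only entry in `reference_data` is a pull request tagged `"refsource": "MISC"`, and the description says "through 1.10.1" without naming a fixed release, so a reader cannot tell from this record whether a patched version exists; a follow-up reference to a release or advisory would close that gap once one is published. The description also makes write access to the cache backend the precondition, which is worth keeping in mind when triaging, since the record carries no structured impact data. The reference object lists `url`, `refsource`, `name`, whereas the entries added in CVE-2021-32615.json use `refsource`, `name`, `url`; key order is not significant in JSON, but one order keeps diffs between synced records smaller.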