diff --git a/2017/9xxx/CVE-2017-9438.json b/2017/9xxx/CVE-2017-9438.json index 36a1e99fdf5..64e28c8c144 100644 --- a/2017/9xxx/CVE-2017-9438.json +++ b/2017/9xxx/CVE-2017-9438.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-f41d5fc954", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-dd62918333", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/" } ] } diff --git a/2019/19xxx/CVE-2019-19648.json b/2019/19xxx/CVE-2019-19648.json index 89ccc7670f6..4fb90966486 100644 --- a/2019/19xxx/CVE-2019-19648.json +++ b/2019/19xxx/CVE-2019-19648.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-f41d5fc954", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-dd62918333", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/" } ] } diff --git a/2019/25xxx/CVE-2019-25013.json b/2019/25xxx/CVE-2019-25013.json index 1db713a1548..a080c56a5db 100644 --- a/2019/25xxx/CVE-2019-25013.json +++ b/2019/25xxx/CVE-2019-25013.json @@ -116,6 +116,11 @@ "refsource": "MLIST", "name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", + "url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E" } ] } diff --git a/2020/7xxx/CVE-2020-7791.json b/2020/7xxx/CVE-2020-7791.json index 7c8c27223c3..ee27869e5bc 100644 --- a/2020/7xxx/CVE-2020-7791.json +++ b/2020/7xxx/CVE-2020-7791.json @@ -61,6 +61,11 @@ "refsource": "MISC", "url": "https://github.com/turquoiseowl/i18n/commit/c418e3345313dc896c1951d8c46ab0b9b12fcbd3", "name": "https://github.com/turquoiseowl/i18n/commit/c418e3345313dc896c1951d8c46ab0b9b12fcbd3" + }, + { + "refsource": "MLIST", + "name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #821: build: CVE fix", + "url": "https://lists.apache.org/thread.html/rc2abba7aa0450198494bbee654fce9b97fad72a4989323e189faede4@%3Cdev.myfaces.apache.org%3E" } ] }, diff --git a/2020/8xxx/CVE-2020-8908.json b/2020/8xxx/CVE-2020-8908.json index 26055f7bfbc..af86fb164b3 100644 --- a/2020/8xxx/CVE-2020-8908.json +++ b/2020/8xxx/CVE-2020-8908.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities", "url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix", + "url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E" } ] }, diff --git a/2021/20xxx/CVE-2021-20291.json b/2021/20xxx/CVE-2021-20291.json index 41ea598f777..f5a133a2b6e 100644 --- a/2021/20xxx/CVE-2021-20291.json +++ b/2021/20xxx/CVE-2021-20291.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-a3703b9dc8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-c56a213327", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/" } ] }, diff --git a/2021/22xxx/CVE-2021-22206.json b/2021/22xxx/CVE-2021-22206.json index 684e974a808..612e3ae88f7 100644 --- a/2021/22xxx/CVE-2021-22206.json +++ b/2021/22xxx/CVE-2021-22206.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.6, <13.9.7" + }, + { + "version_value": ">=13.10.0, <13.10.4" + }, + { + "version_value": ">=13.11.0, <13.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext storage of sensitive information in memory in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/230864", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/230864", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/928074", + "url": "https://hackerone.com/reports/928074", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text," } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [jlneel](https://hackerone.com/jlneel) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22208.json b/2021/22xxx/CVE-2021-22208.json index 842c9af4232..3a710e72d73 100644 --- a/2021/22xxx/CVE-2021-22208.json +++ b/2021/22xxx/CVE-2021-22208.json @@ -4,15 +4,86 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.5, <13.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/301212", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/301212", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22208.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22208.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team." + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22209.json b/2021/22xxx/CVE-2021-22209.json index 3ad2c9c4a6f..6017fa5ad39 100644 --- a/2021/22xxx/CVE-2021-22209.json +++ b/2021/22xxx/CVE-2021-22209.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.11, <13.11.12" + }, + { + "version_value": ">=13.10, <13.10.4" + }, + { + "version_value": ">=13.8, <13.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/327155", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/327155", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22209.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22209.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22210.json b/2021/22xxx/CVE-2021-22210.json index 8ad022614d7..23d3e7378d1 100644 --- a/2021/22xxx/CVE-2021-22210.json +++ b/2021/22xxx/CVE-2021-22210.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.11, <13.11.2" + }, + { + "version_value": ">=13.10, <13.10.4" + }, + { + "version_value": ">=13.2, <13.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allocation of resources without limits or throttling in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/322500", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/322500", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22210.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22210.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22881.json b/2021/22xxx/CVE-2021-22881.json index 22ede7ea544..07ff424bd60 100644 --- a/2021/22xxx/CVE-2021-22881.json +++ b/2021/22xxx/CVE-2021-22881.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-b571fca1b8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210505 [CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack", + "url": "http://www.openwall.com/lists/oss-security/2021/05/05/2" } ] }, diff --git a/2021/25xxx/CVE-2021-25214.json b/2021/25xxx/CVE-2021-25214.json index de66adaf7c4..12a6d83b2a6 100644 --- a/2021/25xxx/CVE-2021-25214.json +++ b/2021/25xxx/CVE-2021-25214.json @@ -140,6 +140,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-ace61cbee1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/" } ] }, diff --git a/2021/25xxx/CVE-2021-25215.json b/2021/25xxx/CVE-2021-25215.json index 6835232c2f1..87c2dad19c2 100644 --- a/2021/25xxx/CVE-2021-25215.json +++ b/2021/25xxx/CVE-2021-25215.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-ace61cbee1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/" } ] }, diff --git a/2021/25xxx/CVE-2021-25317.json b/2021/25xxx/CVE-2021-25317.json index a13e9e1a4f7..d65ac824556 100644 --- a/2021/25xxx/CVE-2021-25317.json +++ b/2021/25xxx/CVE-2021-25317.json @@ -140,6 +140,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1184161", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184161" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-dc578ce534", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/" } ] }, diff --git a/2021/26xxx/CVE-2021-26291.json b/2021/26xxx/CVE-2021-26291.json index 25fb2d0bdff..ddeb6ad8b96 100644 --- a/2021/26xxx/CVE-2021-26291.json +++ b/2021/26xxx/CVE-2021-26291.json @@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291", "url": "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381@%3Cdev.jena.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix", + "url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E" } ] }, diff --git a/2021/27xxx/CVE-2021-27291.json b/2021/27xxx/CVE-2021-27291.json index 0cd9028b3a3..d63d1453766 100644 --- a/2021/27xxx/CVE-2021-27291.json +++ b/2021/27xxx/CVE-2021-27291.json @@ -81,6 +81,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-166dfc62b2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-3f975f68c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/" } ] } diff --git a/2021/28xxx/CVE-2021-28128.json b/2021/28xxx/CVE-2021-28128.json index c18c8734cc3..afe5bda967a 100644 --- a/2021/28xxx/CVE-2021-28128.json +++ b/2021/28xxx/CVE-2021-28128.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28128", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28128", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/releases", + "url": "https://github.com/strapi/strapi/releases" + }, + { + "url": "https://strapi.io/changelog", + "refsource": "MISC", + "name": "https://strapi.io/changelog" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-008.txt", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-008.txt" } ] } diff --git a/2021/28xxx/CVE-2021-28168.json b/2021/28xxx/CVE-2021-28168.json index d1a9c8dbd53..aa67b3ce568 100644 --- a/2021/28xxx/CVE-2021-28168.json +++ b/2021/28xxx/CVE-2021-28168.json @@ -104,6 +104,11 @@ "refsource": "MLIST", "name": "[kafka-dev] 20210505 [jira] [Created] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02", "url": "https://lists.apache.org/thread.html/ra3d7cd37fc794981a885332af2f8df0d873753380ea19935d6d847fc@%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-jira] 20210505 [GitHub] [kafka] shayelkin opened a new pull request #10636: MINOR: Bump Jersey deps to 2.34 due to CVE-2021-28168", + "url": "https://lists.apache.org/thread.html/rc288874c330b3af9e29a1a114c5e0d24fff7a79eaa341f551535c8c0@%3Cjira.kafka.apache.org%3E" } ] } diff --git a/2021/31xxx/CVE-2021-31542.json b/2021/31xxx/CVE-2021-31542.json index b90386a0166..931769273a6 100644 --- a/2021/31xxx/CVE-2021-31542.json +++ b/2021/31xxx/CVE-2021-31542.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/", "url": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2651-1] python-django security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html" } ] }