"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2022-12-27 08:00:41 +00:00 · 2022-12-27 08:00:41 +00:00 · 236773ace4
commit 236773ace4
parent 566a456db1
3 changed files with 35 additions and 2 deletions
--- a/2021/31xxx/CVE-2021-31875.json
+++ b/2021/31xxx/CVE-2021-31875.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow."
+                "value": "** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because \"there isn\u2019t very much of an opportunity to exploit this reliably for an information leak, so there isn\u2019t any real security impact.\""
            }
        ]
    },
--- a/2022/40xxx/CVE-2022-40897.json
+++ b/2022/40xxx/CVE-2022-40897.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "An issue discovered in Python Packaging Authority (PyPA) setuptools 65.3.0 and earlier allows remote attackers to cause a denial of service via crafted HTML package or custom PackageIndex page."
+                "value": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
            }
        ]
    },
@ -61,6 +61,21 @@
                "refsource": "MISC",
                "name": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/",
                "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be",
+                "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/",
+                "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1",
+                "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1"
            }
        ]
    }
--- a/2023/22xxx/CVE-2023-22366.json
+++ b/2023/22xxx/CVE-2023-22366.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-22366",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}