admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-20 23:00:32 +00:00
parent 388d127bfe
commit 2c8bce93c2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
19 changed files with 1002 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/13xxx/CVE-2024-13900.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2024/54xxx/CVE-2024-54756.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-54756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Chainmanner/GZDoom-Arbitrary-Code-Execution-via-ZScript-PoC",
"refsource": "MISC",
"name": "https://github.com/Chainmanner/GZDoom-Arbitrary-Code-Execution-via-ZScript-PoC"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2025/Feb/11",
"url": "https://seclists.org/fulldisclosure/2025/Feb/11"
}
]
}

206
2024/5xxx/CVE-2024-5921.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.\n\nGlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories."
"value": "An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.\n\nPlease subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories."
}
]
},
@ -40,8 +40,146 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.3.0"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.3.2",
"status": "unaffected"
}
],
"lessThan": "6.3.2",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.2.6",
"status": "unaffected"
}
],
"lessThan": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.3.2",
"status": "unaffected"
}
],
"lessThan": "6.3.2",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.2.6-c857",
"status": "unaffected"
}
],
"lessThan": "6.2.6-c857",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.2.1-c31",
"status": "unaffected"
}
],
"lessThan": "6.2.1-c31",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
},
{
"version_affected": "<",
"version_name": "6.1.0",
"version_value": "6.1.6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.1.7",
"status": "unaffected"
}
],
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "6.0.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
@ -62,44 +200,6 @@
],
"defaultStatus": "unaffected"
}
},
{
"version_affected": "=",
"version_value": "6.2.0"
},
{
"version_affected": "=",
"version_value": "6.1.0"
},
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "5.1.0"
}
]
}
},
{
"product_name": "GlobalProtect UWP App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
},
{
"product_name": "GlobalProtect iOS App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
@ -129,6 +229,9 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"GPC-19860",
@ -136,6 +239,19 @@
],
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"work_around": [
{
"lang": "en",
@ -143,7 +259,7 @@
{
"base64": false,
"type": "text/html",
"value": "<p><span>You can mitigate this issue for all platforms (</span><a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-windows-registry\"><span>Windows</span></a><span>, </span><a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-macos-property-list\"><span>macOS</span></a><span>, </span><a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-on-linux-endpoints-redhat\"><span>Linux</span></a><span>, </span><a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-and-verify-fips-cc-mode-using-workspaceone-on-ios-devices\"><span>iOS</span></a><span>, </span><a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-and-verify-fips-cc-mode-using-microsoft-intune-on-android-endpoints\"><span>Android</span></a><span>) by using the GlobalProtect app 6.0 in FIPS-CC mode or GlobalProtect app 5.1 in FIPS-CC mode. For details, </span><span>refer to </span><span>the first \"FIPS-CC Certification Validation\" table in </span><a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues\"><span>our documentation</span></a><span>.</span></p><p><span>Note: this is separate from any FIPS-CC configurations on any GlobalProtect portals or gateways. This workaround is specific to FIPS-CC mode on the GlobalProtect app. GlobalProtect portals or gateways do not need to use FIPS-CC mode as part of this workaround.</span></p>"
"value": "<p>You can mitigate this issue for all platforms (<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-windows-registry\">Windows</a>, <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-macos-property-list\">macOS</a>, <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-on-linux-endpoints-redhat\">Linux</a>, <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-and-verify-fips-cc-mode-using-workspaceone-on-ios-devices\">iOS</a>, <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-and-verify-fips-cc-mode-using-microsoft-intune-on-android-endpoints\">Android</a>) by using the GlobalProtect app 6.0 in FIPS-CC mode or GlobalProtect app 5.1 in FIPS-CC mode. For details, refer to the first \"FIPS-CC Certification Validation\" table in <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues\">our documentation</a>.</p><p>Note: this is separate from any FIPS-CC configurations on any GlobalProtect portals or gateways. This workaround is specific to FIPS-CC mode on the GlobalProtect app. GlobalProtect portals or gateways do not need to use FIPS-CC mode as part of this workaround.</p>"
}
],
"value": "You can mitigate this issue for all platforms ( Windows https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-windows-registry , macOS https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-macos-property-list , Linux https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-on-linux-endpoints-redhat , iOS https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-and-verify-fips-cc-mode-using-workspaceone-on-ios-devices , Android https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-and-verify-fips-cc-mode-using-microsoft-intune-on-android-endpoints ) by using the GlobalProtect app 6.0 in FIPS-CC mode or GlobalProtect app 5.1 in FIPS-CC mode. For details, refer to the first \"FIPS-CC Certification Validation\" table in our documentation https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues .\n\nNote: this is separate from any FIPS-CC configurations on any GlobalProtect portals or gateways. This workaround is specific to FIPS-CC mode on the GlobalProtect app. GlobalProtect portals or gateways do not need to use FIPS-CC mode as part of this workaround."
@ -156,7 +272,7 @@
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. We are aware of a publicly available conference talk and blog posts discussing this issue. A proof of concept for this issue is also publicly available.<br />"
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue. We are aware of a publicly available conference talk and blog posts discussing this issue. A proof of concept for this issue is also publicly available.<br></p>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. We are aware of a publicly available conference talk and blog posts discussing this issue. A proof of concept for this issue is also publicly available."
@ -169,10 +285,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p><p>This issue is fixed in GlobalProtect app 6.2.6 and all later GlobalProtect app 6.2 versions on Windows.</p><p></p><p></p>The fix for this vulnerability requires three steps:<br /><ol><li>Ensure that all of your GlobalProtect portals use TLS certificate chains that only contain <a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/fips-cc-security-functions\">valid X.509v3 certificates</a>,</li><li>Ensure that the the TLS certificate chains used by the GlobalProtect portals are added to the root certificate store in your operating system,</li><li>Install a fixed version of GlobalProtect using one of the deployment options below. This setting enforces strict X.509v3 verification checks on the certificate provided by the GlobalProtect portal.<br /></li></ol><p>Note: Prisma Access customers using portals with a *.gpcloudservice.com domain name already have valid TLS certificate chains. The root certificate for these portals is from GoDaddy, which is trusted by default in Windows, macOS, RHEL, Ubuntu, iOS, and Android. Therefore, Prisma Access customers using a GlobalProtect portal with a *.gpcloudservice.com domain name should only need to perform step 3 above.<br /><br />Important: if your GlobalProtect portals do not use valid X.509V3 TLS certificate chains, this will result in TLS verification failures. To generate a GlobalProtect portal certificate that can be used with a fixed version of GlobalProtect app, refer to the first \"FIPS-CC Certification Validation\" table in <a target=\"_blank\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues\">our documentation</a>.</p><p><b>Solution for new and existing GlobalProtect app installation on Windows</b></p><p></p><p>Customers can use their endpoint mobile device management (MDM) tools to apply the following changes.</p><ol><li>Install a fixed version of GlobalProtect app.</li><li>Update the following registry key with the specified recommended values:<br />HKEY_LOCAL_MACHINE\\SOFTWARE\\Palo Alto Networks\\GlobalProtect\\Settings<br />cert-store: machine<br />cert-location: ROOT<br />full-chain-cert-verify: yes</li><li>To apply this registry change, restart the operating system.</li></ol><p></p><p><b>Alternate solution for new GlobalProtect app installation on Windows</b></p><p></p><p>Install GlobalProtect with the pre-deployment key FULLCHAINCERTVERIFY set to Yes:</p><p>\u00a0 \u00a0 msiexec.exe /i GlobalProtect64.msi FULLCHAINCERTVERIFY=\"yes\"</p><p></p>"
"value": "<p>This issue is fixed in GlobalProtect app 6.2.1-c31 on Linux, GlobalProtect app 6.2.6 on Windows, GlobalProtect app 6.2.6-c857 on macOS, GlobalProtect app 6.3.2 on Windows and macOS, and all later GlobalProtect app versions. Additional fixes are under development and will be made available for the remaining platforms (Linux, iOS, and Android).</p>The fix for this vulnerability requires three steps:<br><ol><li>Ensure that all of your GlobalProtect portals use TLS certificate chains that meet the criteria specified in the \"FIPS-CC Certification Validation\" table in <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues\">our documentation</a>.</li><li>Ensure that the TLS certificate chains used by the GlobalProtect portals are added to the root certificate store in your operating system.</li><li>Install a fixed version of GlobalProtect using one of the deployment options below. This setting enforces strict X.509v3 verification checks on the certificate provided by the GlobalProtect portal.<br></li></ol><p>Note: Prisma Access customers using portals with a *.gpcloudservice.com domain name already have valid TLS certificate chains. The root certificate for these portals is from GoDaddy, which is trusted by default in Windows, macOS, RHEL, Ubuntu, iOS, and Android. Therefore, Prisma Access customers using a GlobalProtect portal with a *.gpcloudservice.com domain name should only need to perform step 3 above.<br><br><b>Important</b>: If your GlobalProtect portals do not use valid X.509V3 TLS certificate chains, this will result in TLS verification failures. To generate a GlobalProtect portal certificate that can be used with a fixed version of GlobalProtect app, refer to the first \"FIPS-CC Certification Validation\" table in <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues\">our documentation</a>.<b><br></b></p><p><b></b><b></b><b>Warning: Performance Concern:</b> Some customers reported problems connecting to Portals and Gateways when this solution was implemented in certain situations. This is due to certificate providers that rate limit requests for Online Certificate Status Protocol (OCSP) and certificate revocation list (CRL) checks. This happens when multiple users connect to GlobalProtect Portals from a single public IP (such as NAT) around the same time, such as when hundreds or thousands of end users connect around the start of a workday from a single office.<br></p>"
}
],
"value": "This issue is fixed in GlobalProtect app 6.2.6 and all later GlobalProtect app 6.2 versions on Windows.\n\n\n\n\n\nThe fix for this vulnerability requires three steps:\n * Ensure that all of your GlobalProtect portals use TLS certificate chains that only contain valid X.509v3 certificates https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/fips-cc-security-functions ,\n * Ensure that the the TLS certificate chains used by the GlobalProtect portals are added to the root certificate store in your operating system,\n * Install a fixed version of GlobalProtect using one of the deployment options below. This setting enforces strict X.509v3 verification checks on the certificate provided by the GlobalProtect portal.\n\nNote: Prisma Access customers using portals with a *.gpcloudservice.com domain name already have valid TLS certificate chains. The root certificate for these portals is from GoDaddy, which is trusted by default in Windows, macOS, RHEL, Ubuntu, iOS, and Android. Therefore, Prisma Access customers using a GlobalProtect portal with a *.gpcloudservice.com domain name should only need to perform step 3 above.\n\nImportant: if your GlobalProtect portals do not use valid X.509V3 TLS certificate chains, this will result in TLS verification failures. To generate a GlobalProtect portal certificate that can be used with a fixed version of GlobalProtect app, refer to the first \"FIPS-CC Certification Validation\" table in our documentation https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues .\n\nSolution for new and existing GlobalProtect app installation on Windows\n\n\n\nCustomers can use their endpoint mobile device management (MDM) tools to apply the following changes.\n\n * Install a fixed version of GlobalProtect app.\n * Update the following registry key with the specified recommended values:\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Palo Alto Networks\\GlobalProtect\\Settings\ncert-store: machine\ncert-location: ROOT\nfull-chain-cert-verify: yes\n * To apply this registry change, restart the operating system.\n\n\nAlternate solution for new GlobalProtect app installation on Windows\n\n\n\nInstall GlobalProtect with the pre-deployment key FULLCHAINCERTVERIFY set to Yes:\n\n\u00a0 \u00a0 msiexec.exe /i GlobalProtect64.msi FULLCHAINCERTVERIFY=\"yes\""
"value": "This issue is fixed in GlobalProtect app 6.2.1-c31 on Linux, GlobalProtect app 6.2.6 on Windows, GlobalProtect app 6.2.6-c857 on macOS, GlobalProtect app 6.3.2 on Windows and macOS, and all later GlobalProtect app versions. Additional fixes are under development and will be made available for the remaining platforms (Linux, iOS, and Android).\n\nThe fix for this vulnerability requires three steps:\n * Ensure that all of your GlobalProtect portals use TLS certificate chains that meet the criteria specified in the \"FIPS-CC Certification Validation\" table in our documentation https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues .\n * Ensure that the TLS certificate chains used by the GlobalProtect portals are added to the root certificate store in your operating system.\n * Install a fixed version of GlobalProtect using one of the deployment options below. This setting enforces strict X.509v3 verification checks on the certificate provided by the GlobalProtect portal.\n\nNote: Prisma Access customers using portals with a *.gpcloudservice.com domain name already have valid TLS certificate chains. The root certificate for these portals is from GoDaddy, which is trusted by default in Windows, macOS, RHEL, Ubuntu, iOS, and Android. Therefore, Prisma Access customers using a GlobalProtect portal with a *.gpcloudservice.com domain name should only need to perform step 3 above.\n\nImportant: If your GlobalProtect portals do not use valid X.509V3 TLS certificate chains, this will result in TLS verification failures. To generate a GlobalProtect portal certificate that can be used with a fixed version of GlobalProtect app, refer to the first \"FIPS-CC Certification Validation\" table in our documentation https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/certifications/resolve-fips-cc-mode-issues .\n\n\nWarning: Performance Concern: Some customers reported problems connecting to Portals and Gateways when this solution was implemented in certain situations. This is due to certificate providers that rate limit requests for Online Certificate Status Protocol (OCSP) and certificate revocation list (CRL) checks. This happens when multiple users connect to GlobalProtect Portals from a single public IP (such as NAT) around the same time, such as when hundreds or thousands of end users connect around the start of a workday from a single office."
}
],
"credits": [

8
2024/7xxx/CVE-2024-7131.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

56
2025/22xxx/CVE-2025-22973.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-22973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/202110420106/CVE/blob/master/CVE-2025-22973.md",
"url": "https://github.com/202110420106/CVE/blob/master/CVE-2025-22973.md"
}
]
}

56
2025/25xxx/CVE-2025-25662.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/O4V3/setMacFilterList.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/O4V3/setMacFilterList.md"
}
]
}

56
2025/25xxx/CVE-2025-25663.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/WifiExtraSet.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/WifiExtraSet.md"
}
]
}

56
2025/25xxx/CVE-2025-25664.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/SetIpMacBind.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/SetIpMacBind.md"
}
]
}

56
2025/25xxx/CVE-2025-25667.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/saveParentControlInfo.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/saveParentControlInfo.md"
}
]
}

56
2025/25xxx/CVE-2025-25668.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/setMacFilterCfg.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC8V4/setMacFilterCfg.md"
}
]
}

56
2025/25xxx/CVE-2025-25674.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/fast_setting_wifi_set.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/fast_setting_wifi_set.md"
}
]
}

56
2025/25xxx/CVE-2025-25675.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/formexeCommand.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/formexeCommand.md"
}
]
}

56
2025/25xxx/CVE-2025-25676.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/wifiSSIDget.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/wifiSSIDget.md"
}
]
}

56
2025/25xxx/CVE-2025-25678.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/setcfm.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/setcfm.md"
}
]
}

56
2025/25xxx/CVE-2025-25679.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/WifiMacFilterSet.md",
"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/i12V1/WifiMacFilterSet.md"
}
]
}

56
2025/25xxx/CVE-2025-25957.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dayrui/xunruicms/issues/5",
"refsource": "MISC",
"name": "https://github.com/dayrui/xunruicms/issues/5"
}
]
}

56
2025/25xxx/CVE-2025-25958.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Abel-Lan/phpcms/issues/1",
"refsource": "MISC",
"name": "https://github.com/Abel-Lan/phpcms/issues/1"
}
]
}

56
2025/25xxx/CVE-2025-25960.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Abel-Lan/phpcms/issues/2",
"refsource": "MISC",
"name": "https://github.com/Abel-Lan/phpcms/issues/2"
}
]
}

68
2025/27xxx/CVE-2025-27088.json
View File

@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a moderate risk to all users. It's possible to inject html elements, including scripts through the folder-list template. The affected template allows users to interact with the URL path provided by the `Request.URL.Path` variable, which is then rendered directly into the HTML without proper sanitization or escaping. This can be abused by attackers who craft a malicious URL containing injected HTML or JavaScript. When users visit such a URL, the malicious script will be executed in the user's context. This issue has been addressed in version 4.18.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "oxyno-zeta",
"product": {
"product_data": [
{
"product_name": "s3-proxy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.18.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/oxyno-zeta/s3-proxy/security/advisories/GHSA-pp9m-qf39-hxjc",
"refsource": "MISC",
"name": "https://github.com/oxyno-zeta/s3-proxy/security/advisories/GHSA-pp9m-qf39-hxjc"
},
{
"url": "https://github.com/oxyno-zeta/s3-proxy/commit/c611c741ed4872ea3f46232be23bb830f96f9564",
"refsource": "MISC",
"name": "https://github.com/oxyno-zeta/s3-proxy/commit/c611c741ed4872ea3f46232be23bb830f96f9564"
},
{
"url": "https://github.com/oxyno-zeta/s3-proxy/blob/master/templates/folder-list.tpl#L19C21-L19C38",
"refsource": "MISC",
"name": "https://github.com/oxyno-zeta/s3-proxy/blob/master/templates/folder-list.tpl#L19C21-L19C38"
}
]
},
"source": {
"advisory": "GHSA-pp9m-qf39-hxjc",
"discovery": "UNKNOWN"
}
}