"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2022-01-04 21:01:10 +00:00 · 2022-01-04 21:01:10 +00:00 · 30cb5be169
commit 30cb5be169
parent 8bb911dccf
4 changed files with 18 additions and 18 deletions
--- a/2021/34xxx/CVE-2021-34141.json
+++ b/2021/34xxx/CVE-2021-34141.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects."
+                "value": "** DISPUTED ** Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects. NOTE: the vendor states that this reported code behavior is \"completely harmless.\""
            }
        ]
    },
--- a/2022/21xxx/CVE-2022-21647.json
+++ b/2022/21xxx/CVE-2022-21647.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade as advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`.\n"
+                "value": "CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade as advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`."
            }
        ]
    },
--- a/2022/21xxx/CVE-2022-21649.json
+++ b/2022/21xxx/CVE-2022-21649.json
@ -70,24 +70,24 @@
    "references": {
        "reference_data": [
            {
-                "name": "https://github.com/convos-chat/convos/security/advisories/GHSA-xmpj-xwm3-vww7",
-                "refsource": "CONFIRM",
-                "url": "https://github.com/convos-chat/convos/security/advisories/GHSA-xmpj-xwm3-vww7"
+                "name": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#Second-vulnerability",
+                "refsource": "MISC",
+                "url": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#Second-vulnerability"
            },
            {
                "name": "https://github.com/convos-chat/convos/commit/86b2193de375005ba71d9dd53843562c6ac1847c",
                "refsource": "MISC",
                "url": "https://github.com/convos-chat/convos/commit/86b2193de375005ba71d9dd53843562c6ac1847c"
            },
-            {
-                "name": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#Second-vulnerability",
-                "refsource": "MISC",
-                "url": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#Second-vulnerability"
-            },
            {
                "name": "https://www.huntr.dev/bounties/4532a0ac-4e7c-4fcf-9fe3-630e132325c0/",
                "refsource": "MISC",
                "url": "https://www.huntr.dev/bounties/4532a0ac-4e7c-4fcf-9fe3-630e132325c0/"
+            },
+            {
+                "name": "https://github.com/convos-chat/convos/security/advisories/GHSA-xmpj-xwm3-vww7",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/convos-chat/convos/security/advisories/GHSA-xmpj-xwm3-vww7"
            }
        ]
    },
--- a/2022/21xxx/CVE-2022-21650.json
+++ b/2022/21xxx/CVE-2022-21650.json
@ -70,24 +70,24 @@
    "references": {
        "reference_data": [
            {
-                "name": "https://github.com/convos-chat/convos/security/advisories/GHSA-mm2v-4v7g-m695",
-                "refsource": "CONFIRM",
-                "url": "https://github.com/convos-chat/convos/security/advisories/GHSA-mm2v-4v7g-m695"
+                "name": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#First-vulnerability",
+                "refsource": "MISC",
+                "url": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#First-vulnerability"
            },
            {
                "name": "https://github.com/convos-chat/convos/commit/5c0a1ec9a2c147bc3b63fd5a48da5f32e18fe5df",
                "refsource": "MISC",
                "url": "https://github.com/convos-chat/convos/commit/5c0a1ec9a2c147bc3b63fd5a48da5f32e18fe5df"
            },
-            {
-                "name": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#First-vulnerability",
-                "refsource": "MISC",
-                "url": "https://blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#First-vulnerability"
-            },
            {
                "name": "https://www.huntr.dev/bounties/ae424798-de01-4972-b73b-2db674f82368/",
                "refsource": "MISC",
                "url": "https://www.huntr.dev/bounties/ae424798-de01-4972-b73b-2db674f82368/"
+            },
+            {
+                "name": "https://github.com/convos-chat/convos/security/advisories/GHSA-mm2v-4v7g-m695",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/convos-chat/convos/security/advisories/GHSA-mm2v-4v7g-m695"
            }
        ]
    },