diff --git a/2024/55xxx/CVE-2024-55604.json b/2024/55xxx/CVE-2024-55604.json
index d4bfaca5c7c..25daeed3a72 100644
--- a/2024/55xxx/CVE-2024-55604.json
+++ b/2024/55xxx/CVE-2024-55604.json
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-55604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as \"App Viewer\" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a \"viewer\", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "appsmithorg", + "product": { + "product_data": [ + { + "product_name": "appsmith", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.51" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6", + "refsource": "MISC", + "name": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6" + } + ] + }, + "source": { + "advisory": "GHSA-794x-gm8v-2wj6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/22xxx/CVE-2025-22230.json b/2025/22xxx/CVE-2025-22230.json index 36c230fb3c0..ef1f8ea3bb7 100644 --- a/2025/22xxx/CVE-2025-22230.json +++ b/2025/22xxx/CVE-2025-22230.json 
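Review bot: The `version_data` entry under `affects` encodes a range inside an equality entry: `"version_affected": "="` with `"version_value": "< 1.51"`. A consumer that honours `version_affected` will compare installed versions against the literal string `< 1.51` and match nothing, so affected Appsmith instances can be missed by automated matching. The field already carries the operator elsewhere in this commit (the CVE-2025-22230 record uses `"version_affected": "<"`), so `"version_affected": "<", "version_value": "1.51"` would say the same thing in machine-readable form. The same pattern appears in the CVE-2025-27147, CVE-2025-30212 and CVE-2025-30213 hunks.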
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control.\u00a0A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Tools", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.x.x, 11.x.x", + "version_value": "12.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518", + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": 
"LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26742.json b/2025/26xxx/CVE-2025-26742.json index 8313211a9ca..e91530821a7 100644 --- a/2025/26xxx/CVE-2025-26742.json +++ b/2025/26xxx/CVE-2025-26742.json 
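Review bot: `"vendor_name": "n/a"` in `affects.vendor.vendor_data` leaves this record without a vendor key, although the assigner is security@vmware.com and the product is `VMware Tools`. Inventory tools that join on vendor and product will probably not match it, and populating the field, e.g. `"vendor_name": "VMware"`, would fix that. The description limits the issue to VMware Tools for Windows, but the `affects` entry carries no platform, and `"version_name": "12.x.x, 11.x.x"` packs two branches into one string. Consumers therefore have to take the Windows-only scope from the description text and the upper bound from `"version_value": "12.5.1"`.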
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GhozyLab", + "product": { + "product_data": [ + { + "product_name": "Gallery for Social Photo", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.0.37", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.0.35", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/feed-instagram-lite/vulnerability/wordpress-gallery-for-social-photo-plugin-1-0-0-35-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/feed-instagram-lite/vulnerability/wordpress-gallery-for-social-photo-plugin-1-0-0-35-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Gallery for Social Photo plugin to the latest available version (at least 1.0.0.37)." + } + ], + "value": "Update the WordPress Gallery for Social Photo plugin to the latest available version (at least 1.0.0.37)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Muhammad Yudha (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/27xxx/CVE-2025-27147.json b/2025/27xxx/CVE-2025-27147.json index 7bcc731ad42..0e74f70d719 100644 --- a/2025/27xxx/CVE-2025-27147.json +++ b/2025/27xxx/CVE-2025-27147.json 
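Review bot: The `x_cve_json_5_version_data` range leaves the status of 1.0.0.36 unclear. `"lessThanOrEqual": "1.0.0.35"` closes the affected range, while the `changes` entry marks `unaffected` only `"at": "1.0.0.37"`, which lies outside that range. With `"defaultStatus": "unaffected"` a consumer would read 1.0.0.36 as unaffected, yet the `solution` text asks for at least 1.0.0.37. Either the range should be written as `"lessThan": "1.0.0.37"`, or the `changes` entry should go if 1.0.0.36 is really clean; the record does not say which. Consumers of the v4 fields get no version at all, since `version_value` is `not down converted`.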
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27147", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-552: Files or Directories Accessible to External Parties", + "cweId": "CWE-552" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "glpi-project", + "product": { + "product_data": [ + { + "product_name": "glpi-inventory-plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-h6x9-jm98-cw7c", + "refsource": "MISC", + "name": 
"https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-h6x9-jm98-cw7c" + }, + { + "url": "https://github.com/glpi-project/glpi-inventory-plugin/commit/aaeb26d98d07019375c25b56e60fffc195553545", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi-inventory-plugin/commit/aaeb26d98d07019375c25b56e60fffc195553545" + } + ] + }, + "source": { + "advisory": "GHSA-h6x9-jm98-cw7c", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2530.json b/2025/2xxx/CVE-2025-2530.json index 00536dd59d8..8532563605c 100644 --- a/2025/2xxx/CVE-2025-2530.json +++ b/2025/2xxx/CVE-2025-2530.json 
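Review bot: The description calls this an "improper access control vulnerability", but `problemtype` lists only file-path weaknesses (CWE-22, CWE-73, CWE-552) and no access-control CWE. Someone triaging from the description alone would not learn that file access is involved, which is presumably what `"confidentialityImpact": "HIGH"` reflects. Either the description should name the weakness class the CWE list gives, for example `Versions prior to 1.5.0 have a path traversal vulnerability.`, or the CWE list should gain an access-control entry if that is what the advisory describes.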
@@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of dae files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23698." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of Uninitialized Pointer", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Luxion", + "product": { + "product_data": [ + { + "product_name": "KeyShot", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2024 13.0.0 Build 92 4.10.171" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-173/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-173/" + } + ] + }, + "source": { + "lang": "en", + "value": "Anonymous" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/2xxx/CVE-2025-2531.json b/2025/2xxx/CVE-2025-2531.json index 38803de61c8..603ac537957 100644 --- a/2025/2xxx/CVE-2025-2531.json +++ b/2025/2xxx/CVE-2025-2531.json 
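Review bot: The `source` object holds credit data, `"lang": "en", "value": "Anonymous"`, instead of the `discovery`/`advisory` keys that every other record in this commit uses there; it reads like a `credits` entry placed under the wrong key. Parsers that expect `source.discovery` find nothing, and the attribution is invisible to tools that read `credits`, which is where the CVE-2025-26742 record puts it. A shape such as `"credits": [ { "lang": "en", "value": "Anonymous" } ]` next to `"source": { "discovery": "UNKNOWN" }` would match the rest of the commit. Separately, the description speaks of remote attackers while the vector is `AV:L` with `UI:R`, so prioritisation should follow the vector rather than the title. The CVE-2025-2531 and CVE-2025-2532 hunks carry the same `source` block.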
@@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of dae files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23704." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Luxion", + "product": { + "product_data": [ + { + "product_name": "KeyShot", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2024 13.0.0 Build 92 4.10.171" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-174/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-174/" + } + ] + }, + "source": { + "lang": "en", + "value": "Anonymous" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/2xxx/CVE-2025-2532.json b/2025/2xxx/CVE-2025-2532.json index f13dee0f7d8..5d883edb1ee 100644 --- a/2025/2xxx/CVE-2025-2532.json +++ b/2025/2xxx/CVE-2025-2532.json 
@@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of usdc files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23709." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Luxion", + "product": { + "product_data": [ + { + "product_name": "KeyShot", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2024 13.0.0 Build 92 4.10.171" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-175/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-175/" + } + ] + }, + "source": { + "lang": "en", + "value": "Anonymous" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/2xxx/CVE-2025-2790.json b/2025/2xxx/CVE-2025-2790.json new file mode 100644 index 00000000000..4f7cc6b96bc --- /dev/null +++ b/2025/2xxx/CVE-2025-2790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30212.json b/2025/30xxx/CVE-2025-30212.json index ecd482a879a..afc577f7219 100644 --- a/2025/30xxx/CVE-2025-30212.json +++ b/2025/30xxx/CVE-2025-30212.json 
@@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.0 fix the issue. Upgrading is required; no other workaround is present." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "frappe", + "product": { + "product_data": [ + { + "product_name": "frappe", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 14.89.0" + }, + { + "version_affected": "=", + "version_value": ">= 15.0.0, < 15.51.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/frappe/frappe/security/advisories/GHSA-3hj6-r5c9-q8f3", + "refsource": "MISC", + "name": "https://github.com/frappe/frappe/security/advisories/GHSA-3hj6-r5c9-q8f3" + }, + { + "url": "https://github.com/frappe/frappe/commit/27f13437db161a173137d91cd07d0f9287d7c556", + "refsource": "MISC", + "name": "https://github.com/frappe/frappe/commit/27f13437db161a173137d91cd07d0f9287d7c556" + }, + { + "url": 
"https://github.com/frappe/frappe/commit/2ebd88520ecfa9bb7d3392b7de8c8f94a86ec05c", + "refsource": "MISC", + "name": "https://github.com/frappe/frappe/commit/2ebd88520ecfa9bb7d3392b7de8c8f94a86ec05c" + } + ] + }, + "source": { + "advisory": "GHSA-3hj6-r5c9-q8f3", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30213.json b/2025/30xxx/CVE-2025-30213.json index 3ddc16cecf9..617375d94a3 100644 --- a/2025/30xxx/CVE-2025-30213.json +++ b/2025/30xxx/CVE-2025-30213.json 
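Review bot: This record has no `impact` block, so an SQL injection that the description says can expose sensitive information reaches consumers without a CVSS score or vector. The CVE-2025-27147 record from the same assigner in this commit does carry one, so tools that rank by `baseScore` will treat this entry as unscored. If advisory GHSA-3hj6-r5c9-q8f3 publishes a CVSS vector, it should be carried into `impact.cvss`. The CVE-2024-55604 and CVE-2025-30213 hunks lack the block as well.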
@@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30213", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "frappe", + "product": { + "product_data": [ + { + "product_name": "frappe", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 14.91.0" + }, + { + "version_affected": "=", + "version_value": ">= 15.0.0, < 15.52.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/frappe/frappe/security/advisories/GHSA-v342-4xr9-x3q3", + "refsource": "MISC", + "name": "https://github.com/frappe/frappe/security/advisories/GHSA-v342-4xr9-x3q3" + } + ] + }, + "source": { + "advisory": "GHSA-v342-4xr9-x3q3", + "discovery": "UNKNOWN" } } \ No newline at end of file
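Review bot: The description contradicts itself on the fixed 14.x release: it opens with "Prior to versions 14.91.0 and 15.52.0" and then states "Versions 14.9.1 and 15.52.0 contain a patch". The `affects` entry uses `< 14.91.0`, so `14.9.1` is presumably a typo. A reader who upgrades to 14.9.1 on the strength of that sentence would still be on an affected version of an issue described as leading to remote code execution. The sentence should read `Versions 14.91.0 and 15.52.0 contain a patch for the vulnerability.`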