From 453da06339c38f74a2910836d1b82ebb8873305d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Jun 2021 08:01:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23399.json | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/2021/23xxx/CVE-2021-23399.json b/2021/23xxx/CVE-2021-23399.json index bb69200757e..043f46db079 100644 --- a/2021/23xxx/CVE-2021-23399.json +++ b/2021/23xxx/CVE-2021-23399.json @@ -48,12 +48,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-WINCRED-1078538" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-WINCRED-1078538", + "name": "https://snyk.io/vuln/SNYK-JS-WINCRED-1078538" }, { - "refsource": "CONFIRM", - "url": "https://github.com/rolangom/wincred/blob/3fd39186ee32add9c12046cdccf2765d19565335/index.ts%23L20" + "refsource": "MISC", + "url": "https://github.com/rolangom/wincred/blob/3fd39186ee32add9c12046cdccf2765d19565335/index.ts%23L20", + "name": "https://github.com/rolangom/wincred/blob/3fd39186ee32add9c12046cdccf2765d19565335/index.ts%23L20" } ] }, @@ -61,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects all versions of package wincred.\n If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization.\r\n\r\n\r\n" + "value": "This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization." } ] },