From 458a3901fbca467d143d8461c60445cd24ea46f0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 18 Feb 2021 17:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/28xxx/CVE-2020-28463.json | 12 +++++++-----
 2020/28xxx/CVE-2020-28491.json | 17 ++++++++++-------
 2020/28xxx/CVE-2020-28499.json | 17 ++++++++++-------
 2021/23xxx/CVE-2021-23341.json | 32 +++++++++++++++++++-------------
 2021/25xxx/CVE-2021-25913.json | 12 +++++++++++-
 2021/27xxx/CVE-2021-27392.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27393.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27394.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27395.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27396.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27397.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27398.json | 18 ++++++++++++++++++
 2021/27xxx/CVE-2021-27399.json | 18 ++++++++++++++++++
 13 files changed, 201 insertions(+), 33 deletions(-)
 create mode 100644 2021/27xxx/CVE-2021-27392.json
 create mode 100644 2021/27xxx/CVE-2021-27393.json
 create mode 100644 2021/27xxx/CVE-2021-27394.json
 create mode 100644 2021/27xxx/CVE-2021-27395.json
 create mode 100644 2021/27xxx/CVE-2021-27396.json
 create mode 100644 2021/27xxx/CVE-2021-27397.json
 create mode 100644 2021/27xxx/CVE-2021-27398.json
 create mode 100644 2021/27xxx/CVE-2021-27399.json
diff --git a/2020/28xxx/CVE-2020-28463.json b/2020/28xxx/CVE-2020-28463.json
index 94e9f60315f..f23d707a0e0 100644
--- a/2020/28xxx/CVE-2020-28463.json
+++ b/2020/28xxx/CVE-2020-28463.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145",
+ "name": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
+ "refsource": "MISC",
+ "url": "https://www.reportlab.com/docs/reportlab-userguide.pdf",
+ "name": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
 }
 ]
 },
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation)\r\n\r\nSteps to reproduce by Karan Bamal:\r\n\r\n1. Download and install the latest package of reportlab\r\n2. Go to demos -> odyssey -> dodyssey\r\n3. In the text file odyssey.txt that needs to be converted to pdf inject \r\n4. Create a nc listener nc -lp 5000\r\n5. Run python3 dodyssey.py\r\n6. You will get a hit on your nc showing we have successfully proceded to send a server side request\r\n7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF\n"
+ "value": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF"
 }
 ]
 },
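Review bot: Relabelling both references from `CONFIRM` to `MISC` drops the only field that marks a link as vendor- or maintainer-acknowledged, and the added `name` is a byte-for-byte copy of `url`, so it carries no information of its own. The same pattern repeats in the reference hunks for CVE-2020-28491, CVE-2020-28499 and CVE-2021-23341, where the upstream fix commits for jackson-dataformats-binary and PrismJS end up tagged `MISC`. Consumers that filter on `refsource` to locate a confirmed advisory or patch will presumably stop matching these entries. If the tag has to change, a descriptive `name` such as the advisory id `SNYK-PYTHON-REPORTLAB-1022145` would keep the entry useful.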
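Review bot: Step 3 of the retained reproduction text stops at `pdf inject` with nothing after it on both the old and the new side, so the description still reads as incomplete (the injected markup appears to have been stripped before it reached this record). Collapsing `\r\n` into spaces also runs the seven numbered steps into a single sentence. For a record that consumers triage from, the description would read better as the affected component plus the mitigation it already names (`trustedSchemes` / `trustedHosts`), leaving the reproduction to the referenced advisory. The misspelling `proceded` is carried over unchanged.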
diff --git a/2020/28xxx/CVE-2020-28491.json b/2020/28xxx/CVE-2020-28491.json
index c3af9abcc2b..42627a9f84f 100644
--- a/2020/28xxx/CVE-2020-28491.json
+++ b/2020/28xxx/CVE-2020-28491.json
@@ -60,16 +60,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
+ "refsource": "MISC",
+ "url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186",
+ "name": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
+ "refsource": "MISC",
+ "url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6",
+ "name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
 }
 ]
 },
@@ -77,7 +80,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1.\n Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.\n"
+ "value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28499.json b/2020/28xxx/CVE-2020-28499.json
index f586ae5969e..16df12293ee 100644
--- a/2020/28xxx/CVE-2020-28499.json
+++ b/2020/28xxx/CVE-2020-28499.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-MERGE-1042987"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-MERGE-1042987",
+ "name": "https://snyk.io/vuln/SNYK-JS-MERGE-1042987"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1071049"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1071049",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1071049"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64"
+ "refsource": "MISC",
+ "url": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64",
+ "name": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . \r\n\r\n"
+ "value": "All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge ."
 }
 ]
 },
diff --git a/2021/23xxx/CVE-2021-23341.json b/2021/23xxx/CVE-2021-23341.json
index 75822ccac4f..137cc537b23 100644
--- a/2021/23xxx/CVE-2021-23341.json
+++ b/2021/23xxx/CVE-2021-23341.json
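Review bot: The third reference in the CVE-2020-28499 hunk, `https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64`, keeps the `#` of the line anchor percent-encoded as `%23`, so it is read as part of the path instead of a fragment and the link likely does not resolve to line 64. This hunk carries the value over and copies it into the new `name` as well. The URL also points at the mutable `master` branch, so even a corrected link can drift away from the code the advisory refers to. A permalink of the form `https://github.com/yeikos/js.merge/blob/<commit-sha>/src/index.ts#L64` would be stable; `<commit-sha>` is a placeholder, as the commit is not given on this page.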
@@ -48,28 +48,34 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581",
+ "name": "https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609"
+ "refsource": "MISC",
+ "url": "https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609",
+ "name": "https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/PrismJS/prism/issues/2583"
+ "refsource": "MISC",
+ "url": "https://github.com/PrismJS/prism/issues/2583",
+ "name": "https://github.com/PrismJS/prism/issues/2583"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/PrismJS/prism/pull/2584"
+ "refsource": "MISC",
+ "url": "https://github.com/PrismJS/prism/pull/2584",
+ "name": "https://github.com/PrismJS/prism/pull/2584"
 }
 ]
 },
@@ -77,7 +83,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.\n"
+ "value": "The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components."
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25913.json b/2021/25xxx/CVE-2021-25913.json
index 03f5d0420b4..12eabe0d464 100644
--- a/2021/25xxx/CVE-2021-25913.json
+++ b/2021/25xxx/CVE-2021-25913.json
@@ -44,6 +44,16 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913",
+ "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/IonicaBizau/set-or-get.js/commit/82ede5cccb2e8d13e4f62599203a4389f6d8e936",
+ "url": "https://github.com/IonicaBizau/set-or-get.js/commit/82ede5cccb2e8d13e4f62599203a4389f6d8e936"
+ },
 {
 "refsource": "MISC",
 "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913",
@@ -60,7 +70,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Prototype pollution vulnerability in \u2018set-or-get\u2019 version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution."
+ "value": "Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27392.json b/2021/27xxx/CVE-2021-27392.json
new file mode 100644
index 00000000000..b313e232514
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27392.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27392",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
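Review bot: The two entries added at the top of `reference_data` in CVE-2021-25913 duplicate references the array already holds. The context lines directly after the insertion show an entry with the same whitesourcesoftware.com `name`, so that reference now appears twice; the set-or-get.js commit link is probably duplicated too, though the rest of the array lies outside the hunk. Duplicate references inflate the record and can be double-counted by tooling that weighs or deduplicates on reference entries. The sync should skip an entry whose `url` is already present in the array.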
diff --git a/2021/27xxx/CVE-2021-27393.json b/2021/27xxx/CVE-2021-27393.json
new file mode 100644
index 00000000000..3449608b49b
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27393.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27393",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27394.json b/2021/27xxx/CVE-2021-27394.json
new file mode 100644
index 00000000000..6d7900df22c
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27394.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27394",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27395.json b/2021/27xxx/CVE-2021-27395.json
new file mode 100644
index 00000000000..319e1954e39
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27395.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27395",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27396.json b/2021/27xxx/CVE-2021-27396.json
new file mode 100644
index 00000000000..1f6c99fd914
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27396.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27396",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27397.json b/2021/27xxx/CVE-2021-27397.json
new file mode 100644
index 00000000000..e75d9b75c87
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27397.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27397",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27398.json b/2021/27xxx/CVE-2021-27398.json
new file mode 100644
index 00000000000..8b900d260f4
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27398.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27398",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27399.json b/2021/27xxx/CVE-2021-27399.json
new file mode 100644
index 00000000000..c496f119c89
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27399.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27399",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file