admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-02-18 17:00:41 +00:00
parent 746c2a9e85
commit 458a3901fb
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 201 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2020/28xxx/CVE-2020-28463.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145",
"name": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
},
{
"refsource": "CONFIRM",
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
"refsource": "MISC",
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf",
"name": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation)\r\n\r\nSteps to reproduce by Karan Bamal:\r\n\r\n1. Download and install the latest package of reportlab\r\n2. Go to demos -> odyssey -> dodyssey\r\n3. In the text file odyssey.txt that needs to be converted to pdf inject <img src=\"http://127.0.0.1:5000\" valign=\"top\"/>\r\n4. Create a nc listener nc -lp 5000\r\n5. Run python3 dodyssey.py\r\n6. You will get a hit on your nc showing we have successfully proceded to send a server side request\r\n7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF\n"
"value": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src=\"http://127.0.0.1:5000\" valign=\"top\"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF"
}
]
},

17
2020/28xxx/CVE-2020-28491.json
View File

@ -60,16 +60,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
"name": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186",
"name": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6",
"name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
}
]
},
@ -77,7 +80,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1.\n Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.\n"
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
}
]
},

17
2020/28xxx/CVE-2020-28499.json
View File

@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-MERGE-1042987"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-MERGE-1042987",
"name": "https://snyk.io/vuln/SNYK-JS-MERGE-1042987"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1071049"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1071049",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1071049"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64"
"refsource": "MISC",
"url": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64",
"name": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . \r\n\r\n"
"value": "All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge ."
}
]
},

32
2021/23xxx/CVE-2021-23341.json
View File

@ -48,28 +48,34 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581",
"name": "https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609"
"refsource": "MISC",
"url": "https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609",
"name": "https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/PrismJS/prism/issues/2583"
"refsource": "MISC",
"url": "https://github.com/PrismJS/prism/issues/2583",
"name": "https://github.com/PrismJS/prism/issues/2583"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/PrismJS/prism/pull/2584"
"refsource": "MISC",
"url": "https://github.com/PrismJS/prism/pull/2584",
"name": "https://github.com/PrismJS/prism/pull/2584"
}
]
},
@ -77,7 +83,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.\n"
"value": "The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components."
}
]
},

12
2021/25xxx/CVE-2021-25913.json
View File

@ -44,6 +44,16 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913"
},
{
"refsource": "MISC",
"name": "https://github.com/IonicaBizau/set-or-get.js/commit/82ede5cccb2e8d13e4f62599203a4389f6d8e936",
"url": "https://github.com/IonicaBizau/set-or-get.js/commit/82ede5cccb2e8d13e4f62599203a4389f6d8e936"
},
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913",
@ -60,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "Prototype pollution vulnerability in \u2018set-or-get\u2019 version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution."
"value": "Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution."
}
]
}

18
2021/27xxx/CVE-2021-27392.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27393.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27394.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27395.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27396.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27397.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27398.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27399.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27399",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}