mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
d55b79a7ed
commit
47901aa84c
@ -53,30 +53,30 @@
|
||||
"product_name": "protobuf-python",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.16.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.17.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.18.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.19.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.20.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "4.21.5"
|
||||
}
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.16.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.17.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.18.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.19.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.20.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "4.21.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -100,7 +100,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated."
|
||||
"value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -109,17 +109,17 @@
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "ADJACENT",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "ADJACENT",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
@ -137,7 +137,7 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://cloud.google.com/support/bulletins#GCP-2022-019",
|
||||
"name": "https://cloud.google.com/support/bulletins#GCP-2022-019",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
|
||||
}
|
||||
@ -146,5 +146,4 @@
|
||||
"source": {
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14."
|
||||
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -61,8 +61,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx",
|
||||
"name": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14."
|
||||
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -61,8 +61,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b",
|
||||
"name": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14."
|
||||
"value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -61,12 +61,13 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx",
|
||||
"name": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user