"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2022-10-26 17:00:31 +00:00 · 2022-10-26 17:00:31 +00:00 · 493a8d0c65
commit 493a8d0c65
parent 9770629074
4 changed files with 38 additions and 15 deletions
--- a/2022/39xxx/CVE-2022-39944.json
+++ b/2022/39xxx/CVE-2022-39944.json
@ -43,7 +43,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0.\n"
+                "value": "In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0."
            }
        ]
    },
@ -70,8 +70,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread/rxytj48q17304snonjtyt5lnlw64gccc"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread/rxytj48q17304snonjtyt5lnlw64gccc",
+                "name": "https://lists.apache.org/thread/rxytj48q17304snonjtyt5lnlw64gccc"
            }
        ]
    },
@ -84,4 +85,4 @@
            "value": " <= 1.2.0 users should upgrade to 1.3.0. \nOr upgrade the materials of JDBC EngineConn separately, you can refer to: https://github.com/apache/incubator-linkis/tree/master/linkis-engineconn-plugins/jdbc"
        }
    ]
-}
+}
--- a/2022/3xxx/CVE-2022-3703.json
+++ b/2022/3xxx/CVE-2022-3703.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-3703",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2022/42xxx/CVE-2022-42468.json
+++ b/2022/42xxx/CVE-2022-42468.json
@ -42,7 +42,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. "
+                "value": "Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol."
            }
        ]
    },
@ -75,16 +75,19 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://issues.apache.org/jira/browse/FLUME-3437"
+                "refsource": "MISC",
+                "url": "https://issues.apache.org/jira/browse/FLUME-3437",
+                "name": "https://issues.apache.org/jira/browse/FLUME-3437"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread/939wkx8o90bp6m2ht3t1sdyo1ncypl78"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread/939wkx8o90bp6m2ht3t1sdyo1ncypl78",
+                "name": "https://lists.apache.org/thread/939wkx8o90bp6m2ht3t1sdyo1ncypl78"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread/1ckhmp539zr2nd2rs45pocpywk2d9zvz"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread/1ckhmp539zr2nd2rs45pocpywk2d9zvz",
+                "name": "https://lists.apache.org/thread/1ckhmp539zr2nd2rs45pocpywk2d9zvz"
            }
        ]
    },
@ -121,4 +124,4 @@
            "value": "Release available"
        }
    ]
-}
+}
--- a/2022/43xxx/CVE-2022-43766.json
+++ b/2022/43xxx/CVE-2022-43766.json
@ -73,12 +73,13 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn",
+                "name": "https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}