From 7653b3202ee0d053b8a46064696a7fe7ec3daaf9 Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Mon, 27 Sep 2021 12:37:07 +0100 Subject: [PATCH 1/6] Update CVE-2021-3828.json --- 2021/3xxx/CVE-2021-3828.json | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2021/3xxx/CVE-2021-3828.json b/2021/3xxx/CVE-2021-3828.json index 13755c53640..ccf4ff30c30 100644 --- a/2021/3xxx/CVE-2021-3828.json +++ b/2021/3xxx/CVE-2021-3828.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Inefficient Regular Expression Complexity in nltk/nltk" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nltk/nltk", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.6.3" + } + ] + } + } + ] + }, + "vendor_name": "nltk" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "nltk is vulnerable to Inefficient Regular Expression Complexity" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32" + }, + { + "name": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6", + "refsource": "MISC", + "url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6" + } + ] + }, + "source": { + "advisory": "d19aed43-75bc-4a03-91a0-4d0bb516bc32", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From cb16a495370f9046606c20d6f851ea099267ac99 Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Mon, 27 Sep 2021 12:40:20 +0100 Subject: [PATCH 2/6] Update CVE-2021-3822.json --- 2021/3xxx/CVE-2021-3822.json | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2021/3xxx/CVE-2021-3822.json b/2021/3xxx/CVE-2021-3822.json index 59cb045d416..9a3e8e818c9 100644 --- a/2021/3xxx/CVE-2021-3822.json +++ b/2021/3xxx/CVE-2021-3822.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3822", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Inefficient Regular Expression Complexity in josdejong/jsoneditor" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "josdejong/jsoneditor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5.6" + } + ] + } + } + ] + }, + "vendor_name": "josdejong" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jsoneditor is vulnerable to Inefficient Regular Expression Complexity" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/1e3ed803-b7ed-42f1-a4ea-c4c75da9de73", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/1e3ed803-b7ed-42f1-a4ea-c4c75da9de73" + }, + { + "name": "https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e", + "refsource": "MISC", + "url": "https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e" + } + ] + }, + "source": { + "advisory": "1e3ed803-b7ed-42f1-a4ea-c4c75da9de73", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From e32ca5e3eb738e00b451bc73a0a451628776600f Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Mon, 27 Sep 2021 12:43:16 +0100 Subject: [PATCH 3/6] Update CVE-2021-3820.json --- 2021/3xxx/CVE-2021-3820.json | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2021/3xxx/CVE-2021-3820.json b/2021/3xxx/CVE-2021-3820.json index e4b5d735420..0a373c6f234 100644 --- a/2021/3xxx/CVE-2021-3820.json +++ b/2021/3xxx/CVE-2021-3820.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Inefficient Regular Expression Complexity in pksunkara/inflect" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pksunkara/inflect", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "0.3.6" + } + ] + } + } + ] + }, + "vendor_name": "pksunkara" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "inflect is vulnerable to Inefficient Regular Expression Complexity" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/4612b31a-072b-4f61-a916-c7e4cbc2042a", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/4612b31a-072b-4f61-a916-c7e4cbc2042a" + }, + { + "name": "https://github.com/pksunkara/inflect/commit/a9a0a8e9561c3487854c7cae42565d9652ec858b", + "refsource": "MISC", + "url": "https://github.com/pksunkara/inflect/commit/a9a0a8e9561c3487854c7cae42565d9652ec858b" + } + ] + }, + "source": { + "advisory": "4612b31a-072b-4f61-a916-c7e4cbc2042a", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From 997245500ebef46a422b7e09098bc4a60ce54b9e Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Mon, 27 Sep 2021 12:46:58 +0100 Subject: [PATCH 4/6] Update CVE-2021-3819.json --- 2021/3xxx/CVE-2021-3819.json | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2021/3xxx/CVE-2021-3819.json b/2021/3xxx/CVE-2021-3819.json index 1c73b071579..a7b6d6761c4 100644 --- a/2021/3xxx/CVE-2021-3819.json +++ b/2021/3xxx/CVE-2021-3819.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3819", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "firefly-iii/firefly-iii", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.6.1" + } + ] + } + } + ] + }, + "vendor_name": "firefly-iii" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5" + }, + { + "name": "https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9", + "refsource": "MISC", + "url": "https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9" + } + ] + }, + "source": { + "advisory": "da82f7b6-4ffc-4109-87a4-a2a790bd44e5", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From 319e66bb4420df93ad24ad0e512b789a7bb4113b Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Mon, 27 Sep 2021 12:51:51 +0100 Subject: [PATCH 5/6] Update CVE-2021-3818.json --- 2021/3xxx/CVE-2021-3818.json | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2021/3xxx/CVE-2021-3818.json b/2021/3xxx/CVE-2021-3818.json index 166226a8539..cc378690cee 100644 --- a/2021/3xxx/CVE-2021-3818.json +++ b/2021/3xxx/CVE-2021-3818.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reliance on Cookies without Validation and Integrity Checking in getgrav/grav" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "getgrav/grav", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.7.22" + } + ] + } + } + ] + }, + "vendor_name": "getgrav" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-565 Reliance on Cookies without Validation and Integrity Checking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea" + }, + { + "name": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07", + "refsource": "MISC", + "url": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07" + } + ] + }, + "source": { + "advisory": "c2bc65af-7b93-4020-886e-8cdaeb0a58ea", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From eb55b11a9bcba751a4ce22c015f77fdec940dff5 Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Mon, 27 Sep 2021 13:01:30 +0100 Subject: [PATCH 6/6] Update CVE-2021-3799.json --- 2021/3xxx/CVE-2021-3799.json | 85 +++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/2021/3xxx/CVE-2021-3799.json b/2021/3xxx/CVE-2021-3799.json index da3a81896e1..a10bbb636bc 100644 --- a/2021/3xxx/CVE-2021-3799.json +++ b/2021/3xxx/CVE-2021-3799.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "getgrav/grav-plugin-admin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.10.20" + } + ] + } + } + ] + }, + "vendor_name": "getgrav" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/d73f24a8-302b-4f9f-abb8-54688abd9813", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/d73f24a8-302b-4f9f-abb8-54688abd9813" + }, + { + "name": "https://github.com/getgrav/grav-plugin-admin/commit/853abfbbd3c14a0a601c941dcfaa3858b6283b69", + "refsource": "MISC", + "url": "https://github.com/getgrav/grav-plugin-admin/commit/853abfbbd3c14a0a601c941dcfaa3858b6283b69" + } + ] + }, + "source": { + "advisory": "d73f24a8-302b-4f9f-abb8-54688abd9813", + "discovery": "EXTERNAL" } -} \ No newline at end of file +}