From 54061271a6827eb1c64d99a862670b9023cb67f5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 30 Mar 2020 22:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12387.json | 5 +++ 2019/12xxx/CVE-2019-12855.json | 5 +++ 2019/19xxx/CVE-2019-19605.json | 56 ++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19606.json | 56 ++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19912.json | 56 ++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19913.json | 56 ++++++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9512.json | 5 +++ 2019/9xxx/CVE-2019-9514.json | 5 +++ 2019/9xxx/CVE-2019-9515.json | 5 +++ 2020/10xxx/CVE-2020-10108.json | 5 +++ 2020/10xxx/CVE-2020-10109.json | 5 +++ 2020/10xxx/CVE-2020-10374.json | 61 ++++++++++++++++++++++++++++---- 2020/11xxx/CVE-2020-11104.json | 62 +++++++++++++++++++++++++++++++++ 2020/11xxx/CVE-2020-11105.json | 62 +++++++++++++++++++++++++++++++++ 2020/11xxx/CVE-2020-11106.json | 62 +++++++++++++++++++++++++++++++++ 2020/11xxx/CVE-2020-11107.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6095.json | 9 +++-- 2020/7xxx/CVE-2020-7611.json | 63 ++++++++++++++++++++++++++++++++-- 18 files changed, 561 insertions(+), 35 deletions(-) create mode 100644 2020/11xxx/CVE-2020-11104.json create mode 100644 2020/11xxx/CVE-2020-11105.json create mode 100644 2020/11xxx/CVE-2020-11106.json create mode 100644 2020/11xxx/CVE-2020-11107.json diff --git a/2019/12xxx/CVE-2019-12387.json b/2019/12xxx/CVE-2019-12387.json index 20997dd4232..377e2d6e1d3 100644 --- a/2019/12xxx/CVE-2019-12387.json +++ b/2019/12xxx/CVE-2019-12387.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b67877d7c2", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] } 
diff --git a/2019/12xxx/CVE-2019-12855.json b/2019/12xxx/CVE-2019-12855.json index d60a7f5d39c..a7cb060cff4 100644 --- a/2019/12xxx/CVE-2019-12855.json +++ b/2019/12xxx/CVE-2019-12855.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2110", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19605.json b/2019/19xxx/CVE-2019-19605.json index c8e326c653c..21974996b80 100644 --- a/2019/19xxx/CVE-2019-19605.json +++ b/2019/19xxx/CVE-2019-19605.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19605", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19605", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html", + "url": "https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19606.json b/2019/19xxx/CVE-2019-19606.json index 4daecb4950f..dc77ded751d 100644 --- a/2019/19xxx/CVE-2019-19606.json +++ b/2019/19xxx/CVE-2019-19606.json 
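Review bot: The structured `affects` and `problemtype` fields added for CVE-2019-19605 are all `n/a`, although the description on the same record names the product and the affected range (X-Plane 11.41 and earlier). Tooling that matches records on these fields will miss the entry unless it also parses the free-text description. Carrying over what the description already states, e.g. `"product_name": "X-Plane"` and `"version_value": "11.41 and earlier"`, would make the record matchable. The same `n/a` placeholders appear in the hunks for CVE-2019-19606, CVE-2019-19912, CVE-2019-19913, CVE-2020-10374, CVE-2020-11104, CVE-2020-11105 and CVE-2020-11106.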
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19606", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19606", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html", + "url": "https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19912.json b/2019/19xxx/CVE-2019-19912.json index b8d8fe21477..72e634687b0 100644 --- a/2019/19xxx/CVE-2019-19912.json +++ b/2019/19xxx/CVE-2019-19912.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19912", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19912", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html" } ] } diff --git a/2019/19xxx/CVE-2019-19913.json b/2019/19xxx/CVE-2019-19913.json index 2df9e85d316..08865aea38d 100644 --- a/2019/19xxx/CVE-2019-19913.json +++ b/2019/19xxx/CVE-2019-19913.json 
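Review bot: The reference added for CVE-2019-19912 uses a plain `http://` scheme in both `name` and `url`, so anyone following the link from this record fetches the advisory over a channel that can be modified in transit. If the site serves the same path over TLS, the entry should read `"url": "https://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"`, with `name` updated to match. The description identifies the issue as cross-site scripting, so `problemtype` could carry `CWE-79` rather than `n/a`. The hunk for CVE-2019-19913 adds the same reference and the same `problemtype` value.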
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19913", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19913", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html" } ] } diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json index 9ca3f401de2..e7412499f3c 100644 --- a/2019/9xxx/CVE-2019-9512.json +++ b/2019/9xxx/CVE-2019-9512.json @@ -393,6 +393,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0727", "url": "https://access.redhat.com/errata/RHSA-2020:0727" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] }, diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json index 14620f7b928..50e8b058f5c 100644 --- a/2019/9xxx/CVE-2019-9514.json +++ b/2019/9xxx/CVE-2019-9514.json 
@@ -393,6 +393,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0727", "url": "https://access.redhat.com/errata/RHSA-2020:0727" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] }, diff --git a/2019/9xxx/CVE-2019-9515.json b/2019/9xxx/CVE-2019-9515.json index ad4174c650d..749f20dd68a 100644 --- a/2019/9xxx/CVE-2019-9515.json +++ b/2019/9xxx/CVE-2019-9515.json @@ -263,6 +263,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0727", "url": "https://access.redhat.com/errata/RHSA-2020:0727" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] }, diff --git a/2020/10xxx/CVE-2020-10108.json b/2020/10xxx/CVE-2020-10108.json index e9cc5c2e5e3..32da22c5ee3 100644 --- a/2020/10xxx/CVE-2020-10108.json +++ b/2020/10xxx/CVE-2020-10108.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-16dc0da400", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] } diff --git a/2020/10xxx/CVE-2020-10109.json b/2020/10xxx/CVE-2020-10109.json index cf0025b684d..37615f37136 100644 --- a/2020/10xxx/CVE-2020-10109.json +++ b/2020/10xxx/CVE-2020-10109.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-16dc0da400", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4308-1", + "url": "https://usn.ubuntu.com/4308-1/" } ] } diff --git a/2020/10xxx/CVE-2020-10374.json b/2020/10xxx/CVE-2020-10374.json index 3f43e1a4b65..c8e4139f0c9 100644 --- a/2020/10xxx/CVE-2020-10374.json +++ b/2020/10xxx/CVE-2020-10374.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10374", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10374", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.paessler.com/prtg/history/stable#20.1.57.1745", + "url": "https://www.paessler.com/prtg/history/stable#20.1.57.1745" + }, + { + "refsource": "MISC", + "name": "https://kb.paessler.com/en/topic/87668-how-can-i-mitigate-cve-2020-10374-until-i-can-update", + "url": "https://kb.paessler.com/en/topic/87668-how-can-i-mitigate-cve-2020-10374-until-i-can-update" } ] } diff --git a/2020/11xxx/CVE-2020-11104.json b/2020/11xxx/CVE-2020-11104.json new file mode 100644 index 00000000000..2eaa1d775a6 --- /dev/null +++ b/2020/11xxx/CVE-2020-11104.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/USCiLab/cereal/issues/625", + "refsource": "MISC", + "name": "https://github.com/USCiLab/cereal/issues/625" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11105.json b/2020/11xxx/CVE-2020-11105.json new file mode 100644 index 00000000000..b993ed3a452 --- /dev/null +++ b/2020/11xxx/CVE-2020-11105.json 
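Review bot: The new file 2020/11xxx/CVE-2020-11104.json ends without a final newline, as the `\ No newline at end of file` marker after the closing `}` shows. Line-oriented tooling and later diffs of these records are cleaner when the file ends with a newline after `}`. The other files created in this commit (CVE-2020-11105, CVE-2020-11106, CVE-2020-11107) carry the same marker. Whether the existing records in the repository follow the same convention is not visible from these hunks.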
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/USCiLab/cereal/issues/636", + "refsource": "MISC", + "name": "https://github.com/USCiLab/cereal/issues/636" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11106.json b/2020/11xxx/CVE-2020-11106.json new file mode 100644 index 00000000000..5713199c9ca --- /dev/null +++ b/2020/11xxx/CVE-2020-11106.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF'][\"view_type\"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the \"view\" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF'][\"view_type\"] variable, but there it wasn't sanitized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/trippo/ResponsiveFilemanager/issues/603", + "refsource": "MISC", + "name": "https://github.com/trippo/ResponsiveFilemanager/issues/603" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11107.json b/2020/11xxx/CVE-2020-11107.json new file mode 100644 index 00000000000..26d58fd8853 --- /dev/null +++ b/2020/11xxx/CVE-2020-11107.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6095.json b/2020/6xxx/CVE-2020-6095.json index 027f99afeee..3d4dbfb48cd 100644 --- a/2020/6xxx/CVE-2020-6095.json +++ b/2020/6xxx/CVE-2020-6095.json @@ -46,8 +46,13 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018", - "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018" + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018" + }, + { + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a", + "url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a" } ] }, diff --git a/2020/7xxx/CVE-2020-7611.json b/2020/7xxx/CVE-2020-7611.json index 59c209ba5c7..f4613187f4c 100644 --- a/2020/7xxx/CVE-2020-7611.json +++ b/2020/7xxx/CVE-2020-7611.json 
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "io.micronaut:micronaut-http-client", + "version": { + "version_data": [ + { + "version_value": "all versions before 1.2.11" + }, + { + "version_value": "all versions from 1.3.0 before 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Request Header Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342", + "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342" + }, + { + "refsource": "MISC", + "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm", + "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm" + }, + { + "refsource": "MISC", + "name": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1", + "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client." } ] }
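Review bot: The two `version_value` entries for `io.micronaut:micronaut-http-client` encode the affected ranges as prose (`all versions before 1.2.11`, `all versions from 1.3.0 before 1.3.2`), which a version comparator cannot evaluate. The 4.0 format has a `version_affected` operator for this, so the first range could be written as `"version_affected": "<", "version_value": "1.2.11"`. The second range also needs a lower bound and may have to stay partly descriptive. `vendor_name` is `n/a` even though the added references point at the micronaut-projects organisation, so vendor-based matching is likely to miss this record as well.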