"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-11-17 00:01:38 +00:00 · 2020-11-17 00:01:38 +00:00 · 56d7e7b2aa
commit 56d7e7b2aa
parent 6847e8fd05
2 changed files with 16 additions and 6 deletions
--- a/2020/7xxx/CVE-2020-7670.json
+++ b/2020/7xxx/CVE-2020-7670.json
@ -19,7 +19,7 @@
                                "version": {
                                    "version_data": [
                                        {
-                                            "version_value": "All versions including 2.12.3"
+                                            "version_value": "versions prior to 2.14.0"
                                        }
                                    ]
                                }
@ -46,13 +46,18 @@
        "reference_data": [
            {
                "refsource": "MISC",
-                "name": "https://github.com/ohler55/agoo/issues/88,",
-                "url": "https://github.com/ohler55/agoo/issues/88,"
+                "name": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137",
+                "url": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137"
            },
            {
                "refsource": "MISC",
-                "name": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137",
-                "url": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137"
+                "name": "https://github.com/ohler55/agoo/issues/88",
+                "url": "https://github.com/ohler55/agoo/issues/88"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
+                "url": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130"
            }
        ]
    },
@ -60,7 +65,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."
+                "value": "agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing."
            }
        ]
    }
--- a/2020/9xxx/CVE-2020-9283.json
+++ b/2020/9xxx/CVE-2020-9283.json
@ -66,6 +66,11 @@
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2402-1] golang-go.crypto security update",
                "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20201116 [SECURITY] [DLA 2453-1] restic security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"
            }
        ]
    }