From 56d7e7b2aa8fa20ae99354081a6bd30c13fbe9f2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 17 Nov 2020 00:01:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/7xxx/CVE-2020-7670.json | 17 +++++++++++------
 2020/9xxx/CVE-2020-9283.json | 5 +++++
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/2020/7xxx/CVE-2020-7670.json b/2020/7xxx/CVE-2020-7670.json
index f7a7a92258f..09ab8c91023 100644
--- a/2020/7xxx/CVE-2020-7670.json
+++ b/2020/7xxx/CVE-2020-7670.json
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "All versions including 2.12.3"
+ "version_value": "versions prior to 2.14.0"
 }
 ]
 }
@@ -46,13 +46,18 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://github.com/ohler55/agoo/issues/88,",
- "url": "https://github.com/ohler55/agoo/issues/88,"
+ "name": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137",
+ "url": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137"
 },
 {
 "refsource": "MISC",
- "name": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137",
- "url": "https://snyk.io/vuln/SNYK-RUBY-AGOO-569137"
+ "name": "https://github.com/ohler55/agoo/issues/88",
+ "url": "https://github.com/ohler55/agoo/issues/88"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
+ "url": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130"
 }
 ]
 },
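Review bot: The new `version_value` in the first CVE-2020-7670 hunk (`@@ -19,7 +19,7 @@`) is free text, `"versions prior to 2.14.0"`, so scanners and inventory tooling that compare versions cannot match it against an installed agoo release without parsing English. Where the record format allows it, express the bound structurally, for example `"version_affected": "<", "version_value": "2.14.0"`, and leave the prose to the description field. The enclosing product entry starts and ends outside the hunk, so whether other version fields are already present there cannot be confirmed from what is shown.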
@@ -60,7 +65,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."
+ "value": "agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9283.json b/2020/9xxx/CVE-2020-9283.json
index 43644605dfb..c03162020c6 100644
--- a/2020/9xxx/CVE-2020-9283.json
+++ b/2020/9xxx/CVE-2020-9283.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2402-1] golang-go.crypto security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201116 [SECURITY] [DLA 2453-1] restic security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"
 }
 ]
 }
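Review bot: The rewritten description in the CVE-2020-7670 `description_data` hunk states the same cause twice, carries Markdown backticks into a plain-text field, and spells the header inconsistently as `Transfer encoding` and `Transfer Encoding` rather than `Transfer-Encoding`. It also drops the two concrete behaviours the previous text named (a repeated Content-Length header, and invalid Transfer-Encoding values parsed as valid), which are what a defender would key a proxy normalisation rule or detection on; if they still hold for versions before 2.14.0 they are worth keeping. One sentence would carry the rest, for example `agoo prior to 2.14.0 allows HTTP request smuggling when used as a backend behind a frontend proxy, due to insufficient Content-Length and Transfer-Encoding header parsing.`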