Auto-merge PR#1384

2025-08-04 08:44:25 +00:00 · 2021-04-18 14:46:09 -04:00 · 2021-04-18 14:46:09 -04:00 · 602d0abf98
commit 602d0abf98
parent 7197a2ef31 7fd60f4bbd
1 changed files with 76 additions and 4 deletions
--- a/2021/23xxx/CVE-2021-23380.json
+++ b/2021/23xxx/CVE-2021-23380.json
@ -3,16 +3,88 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2021-04-18T18:41:36.850111Z",
        "ID": "CVE-2021-23380",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Arbitrary Command Injection"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "roar-pidusage",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": ">=",
+                                            "version_value": "0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Arbitrary Command Injection"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://snyk.io/vuln/SNYK-JS-ROARPIDUSAGE-1078528"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/Svjard/pidusage/blob/772cd2bd675ff7b1244b6fe3d7541692b1b9e42c/lib/stats.js%23L103"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This affects all versions of package roar-pidusage.\n If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization.\r\n\r\n\r\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
+            "baseScore": 5.6,
+            "baseSeverity": "MEDIUM",
+            "attackVector": "NETWORK",
+            "attackComplexity": "HIGH",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "availabilityImpact": "LOW"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "OmniTaint"
+        }
+    ]
 }