mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
fded1b2b62
commit
6401df4cc0
@ -48,12 +48,14 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953"
|
||||
"refsource": "MISC",
|
||||
"url": "https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953",
|
||||
"name": "https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/celery/celery/blob/master/Changelog.rst%23522"
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/celery/celery/blob/master/Changelog.rst%23522",
|
||||
"name": "https://github.com/celery/celery/blob/master/Changelog.rst%23522"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -61,7 +63,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This affects the package celery before 5.2.2.\n It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.\r\n\r\n\r\n"
|
||||
"value": "This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -47,7 +47,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim."
|
||||
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker\u2019s server and will lead to account takeover when accessed by the victim."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -85,12 +85,14 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718",
|
||||
"name": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
|
||||
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993",
|
||||
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -104,4 +106,4 @@
|
||||
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -34,7 +34,7 @@
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Shabhum Shah "
|
||||
"value": "Shubham Shah "
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
@ -103,6 +103,6 @@
|
||||
"defect": [
|
||||
"CVE-2021-35232"
|
||||
],
|
||||
"discovery": "UNKNOWN"
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-45885",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-45885",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://advisories.stormshield.eu",
|
||||
"refsource": "MISC",
|
||||
"name": "https://advisories.stormshield.eu"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://advisories.stormshield.eu/2021-069/",
|
||||
"url": "https://advisories.stormshield.eu/2021-069/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user