From 64e0592871fae9fe7ac14a29053e997d51a9e561 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 16 Nov 2020 13:02:01 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/14xxx/CVE-2018-14040.json | 5 +++++
 2018/14xxx/CVE-2018-14041.json | 5 +++++
 2018/14xxx/CVE-2018-14042.json | 5 +++++
 2019/8xxx/CVE-2019-8331.json | 5 +++++
 2020/7xxx/CVE-2020-7765.json | 17 ++++++++++-------
 2020/7xxx/CVE-2020-7773.json | 17 ++++++++++-------
 6 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/2018/14xxx/CVE-2018-14040.json b/2018/14xxx/CVE-2018-14040.json
index 50a2829c9d0..e3562331701 100644
--- a/2018/14xxx/CVE-2018-14040.json
+++ b/2018/14xxx/CVE-2018-14040.json
@@ -126,6 +126,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
 "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
+ "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14041.json b/2018/14xxx/CVE-2018-14041.json
index 85314e4d0fd..186197313f2 100644
--- a/2018/14xxx/CVE-2018-14041.json
+++ b/2018/14xxx/CVE-2018-14041.json
@@ -126,6 +126,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
 "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
+ "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14042.json b/2018/14xxx/CVE-2018-14042.json
index 156b417807e..5202767d3eb 100644
--- a/2018/14xxx/CVE-2018-14042.json
+++ b/2018/14xxx/CVE-2018-14042.json
@@ -116,6 +116,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
 "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
+ "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8331.json b/2019/8xxx/CVE-2019-8331.json
index 8a0de13d448..f8a7d565b7d 100644
--- a/2019/8xxx/CVE-2019-8331.json
+++ b/2019/8xxx/CVE-2019-8331.json
@@ -166,6 +166,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
 "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
+ "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7765.json b/2020/7xxx/CVE-2020-7765.json
index b9db0f0cf43..cae15242322 100644
--- a/2020/7xxx/CVE-2020-7765.json
+++ b/2020/7xxx/CVE-2020-7765.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324",
+ "name": "https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada"
+ "refsource": "MISC",
+ "url": "https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada",
+ "name": "https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/firebase/firebase-js-sdk/pull/4001"
+ "refsource": "MISC",
+ "url": "https://github.com/firebase/firebase-js-sdk/pull/4001",
+ "name": "https://github.com/firebase/firebase-js-sdk/pull/4001"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package @firebase/util before 0.3.4.\n This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. \r\n\r\n"
+ "value": "This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7773.json b/2020/7xxx/CVE-2020-7773.json
index 4b721316438..244e1265eab 100644
--- a/2020/7xxx/CVE-2020-7773.json
+++ b/2020/7xxx/CVE-2020-7773.json
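Review bot: In the references hunk of CVE-2020-7765.json, all three entries move from `CONFIRM` to `MISC`, including the fix commit and the pull request in the firebase-js-sdk repository itself, so a consumer that filters on `refsource` to locate the vendor-acknowledged fix no longer finds one. If the reclassification is a deliberate policy for synchronized records, nothing visible in the record says so; otherwise the two firebase-js-sdk entries look like they should keep `"refsource": "CONFIRM"`. The added `name` values repeat each `url` verbatim and add no information for a reader. The references hunk of CVE-2020-7773.json makes the same change for the maintainer's pull request #14.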
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-MARKDOWNITHIGHLIGHTJS-1040461"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-MARKDOWNITHIGHLIGHTJS-1040461",
+ "name": "https://snyk.io/vuln/SNYK-JS-MARKDOWNITHIGHLIGHTJS-1040461"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/valeriangalliat/markdown-it-highlightjs/pull/14"
+ "refsource": "MISC",
+ "url": "https://github.com/valeriangalliat/markdown-it-highlightjs/pull/14",
+ "name": "https://github.com/valeriangalliat/markdown-it-highlightjs/pull/14"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/valeriangalliat/markdown-it-highlightjs/blob/v3.3.0/index.js%23L52"
+ "refsource": "MISC",
+ "url": "https://github.com/valeriangalliat/markdown-it-highlightjs/blob/v3.3.0/index.js%23L52",
+ "name": "https://github.com/valeriangalliat/markdown-it-highlightjs/blob/v3.3.0/index.js%23L52"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package markdown-it-highlightjs before 3.3.1.\n It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature.\r\n\r\n\r\nconst markdownItHighlightjs = require(\"markdown-it-highlightjs\");\r\nconst md = require('markdown-it');\r\n\r\nconst reuslt_xss = md()\r\n.use(markdownItHighlightjs, { inline: true })\r\n.render('console.log(42){.\">js}');\r\n\r\nconsole.log(reuslt_xss);\r\n\n"
+ "value": "This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(\"markdown-it-highlightjs\"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.\">js}'); console.log(reuslt_xss);"
 }
 ]
 },
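Review bot: The third reference in the references hunk of CVE-2020-7773.json keeps `index.js%23L52`, where the `#` of the line anchor is percent-encoded, and the new `name` field now repeats the same string. With `%23` the anchor becomes part of the file path instead of a fragment, so the link will most likely not open line 52 of index.js at v3.3.0, which is the one reference pointing at the affected code. Both fields should read `https://github.com/valeriangalliat/markdown-it-highlightjs/blob/v3.3.0/index.js#L52`.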
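Review bot: The new `value` in the description hunk of CVE-2020-7773.json folds the code sample into the sentence, so the description now reads as one unbroken run of prose and JavaScript, and it still carries the wording slip "possible insert". It also never names the vulnerability class, which the sample's variable name suggests is cross-site scripting (to be confirmed against the advisory). A description limited to package, fixed version and impact would be easier for scanners and readers to consume, with the sample left to the linked Snyk advisory: `"value": "This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as the value of lang in the inline code highlighting feature."`.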