"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2021-04-27 19:00:48 +00:00 · 2021-04-27 19:00:48 +00:00 · 6551c86382
commit 6551c86382
parent 6860b96355
5 changed files with 64 additions and 4 deletions
--- a/2020/13xxx/CVE-2020-13953.json
+++ b/2020/13xxx/CVE-2020-13953.json
@ -48,6 +48,11 @@
                "refsource": "MISC",
                "name": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E",
                "url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
+                "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E"
            }
        ]
    },
--- a/2021/30xxx/CVE-2021-30638.json
+++ b/2021/30xxx/CVE-2021-30638.json
@ -48,7 +48,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL.  This was caused by an incomplete fix for CVE-2020-13953.  This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.\n\n"
+                "value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1."
            }
        ]
    },
@ -70,8 +70,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E",
+                "name": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
            }
        ]
    },
@ -84,4 +85,4 @@
            "value": "Solution:\nFor Tapestry 5.4.0 to 5.6.3: upgrade to 5.6.4\nFor Tapestry 5.7.0 and 5.7.1: upgrade to 5.7.2"
        }
    ]
-}
+}
--- a/2021/3xxx/CVE-2021-3516.json
+++ b/2021/3xxx/CVE-2021-3516.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3516",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2021/3xxx/CVE-2021-3517.json
+++ b/2021/3xxx/CVE-2021-3517.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3517",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2021/3xxx/CVE-2021-3518.json
+++ b/2021/3xxx/CVE-2021-3518.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3518",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}