From 6551c86382ca29d952f5a192d2626a2842c6da2b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 27 Apr 2021 19:00:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13953.json | 5 +++++ 2021/30xxx/CVE-2021-30638.json | 9 +++++---- 2021/3xxx/CVE-2021-3516.json | 18 ++++++++++++++++++ 2021/3xxx/CVE-2021-3517.json | 18 ++++++++++++++++++ 2021/3xxx/CVE-2021-3518.json | 18 ++++++++++++++++++ 5 files changed, 64 insertions(+), 4 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3516.json create mode 100644 2021/3xxx/CVE-2021-3517.json create mode 100644 2021/3xxx/CVE-2021-3518.json diff --git a/2020/13xxx/CVE-2020-13953.json b/2020/13xxx/CVE-2020-13953.json index 72194a3b02b..2bbd24e42f9 100644 --- a/2020/13xxx/CVE-2020-13953.json +++ b/2020/13xxx/CVE-2020-13953.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E", "url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later", + "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E" } ] }, diff --git a/2021/30xxx/CVE-2021-30638.json b/2021/30xxx/CVE-2021-30638.json index 77ad0430b20..faa6c867e80 100644 --- a/2021/30xxx/CVE-2021-30638.json +++ b/2021/30xxx/CVE-2021-30638.json @@ -48,7 +48,7 @@ "description_data": [ { "lang": "eng", - "value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.\n\n" + "value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1." } ] }, @@ -70,8 +70,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E" + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E" } ] }, @@ -84,4 +85,4 @@ "value": "Solution:\nFor Tapestry 5.4.0 to 5.6.3: upgrade to 5.6.4\nFor Tapestry 5.7.0 and 5.7.1: upgrade to 5.7.2" } ] -} +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3516.json b/2021/3xxx/CVE-2021-3516.json new file mode 100644 index 00000000000..e998930e872 --- /dev/null +++ b/2021/3xxx/CVE-2021-3516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3517.json b/2021/3xxx/CVE-2021-3517.json new file mode 100644 index 00000000000..acaaf53d2c6 --- /dev/null +++ b/2021/3xxx/CVE-2021-3517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3518.json b/2021/3xxx/CVE-2021-3518.json new file mode 100644 index 00000000000..076c002c4f9 --- /dev/null +++ b/2021/3xxx/CVE-2021-3518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file