mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 11:06:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
e52425476c
commit
6b1a26d235
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function."
|
||||
"value": "The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,16 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
|
||||
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894",
|
||||
"url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/",
|
||||
"url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components."
|
||||
"value": "** DISPUTED ** Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states \"the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -52,6 +52,11 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/r3ggi/electroniz3r",
|
||||
"url": "https://github.com/r3ggi/electroniz3r"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/V3x0r/CVE-2024-23743",
|
||||
|
||||
@ -1,17 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2133",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255495."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine problematische Schwachstelle in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0 gefunden. Es betrifft eine unbekannte Funktion der Datei /dashboard/Cinvoice/manage_invoice der Komponente Manage Sale Page. Durch das Beeinflussen des Arguments Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross Site Scripting",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Bdtask",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Isshue Multi Store eCommerce Shopping Cart Solution",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.255495",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.255495"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.255495",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.255495"
|
||||
},
|
||||
{
|
||||
"url": "https://drive.google.com/file/d/1cTdMIRngxo1ujqNXwj6nU4zyeeV_sfXD/view?usp=drivesdk",
|
||||
"refsource": "MISC",
|
||||
"name": "https://drive.google.com/file/d/1cTdMIRngxo1ujqNXwj6nU4zyeeV_sfXD/view?usp=drivesdk"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "srivishnu (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 2.4,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 2.4,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 3.3,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user