"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2022-05-20 11:01:38 +00:00 · 2022-05-20 11:01:38 +00:00 · 6dfaee5be1
commit 6dfaee5be1
parent ce0676aabc
3 changed files with 70 additions and 3 deletions
--- a/2022/25xxx/CVE-2022-25229.json
+++ b/2022/25xxx/CVE-2022-25229.json
@ -4,14 +4,58 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-25229",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "help@fluidattacks.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Popcorn Time",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "0.4.7"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "XSS to RCE"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://fluidattacks.com/advisories/bowie/",
+                "url": "https://fluidattacks.com/advisories/bowie/"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)'' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the webpage to use 'NodeJs' features, an attacker can leverage this to run OS commands."
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29155.json
+++ b/2022/29xxx/CVE-2022-29155.json
@ -56,6 +56,11 @@
                "url": "https://bugs.openldap.org/show_bug.cgi?id=9815",
                "refsource": "MISC",
                "name": "https://bugs.openldap.org/show_bug.cgi?id=9815"
+            },
+            {
+                "refsource": "DEBIAN",
+                "name": "DSA-5140",
+                "url": "https://www.debian.org/security/2022/dsa-5140"
            }
        ]
    }
--- a/2022/31xxx/CVE-2022-31257.json
+++ b/2022/31xxx/CVE-2022-31257.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-31257",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}