From 7034f6c94b0b4b2314520dc400ce42f2b7bb4fb8 Mon Sep 17 00:00:00 2001
From: CVE Team <cve-request@mitre.org>
Date: Fri, 4 Nov 2022 19:00:57 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2022/31xxx/CVE-2022-31691.json | 50 ++++++++++++++++++++++++++++++++--
 2023/21xxx/CVE-2023-21414.json | 18 ++++++++++++
 2023/21xxx/CVE-2023-21415.json | 18 ++++++++++++
 2023/21xxx/CVE-2023-21416.json | 18 ++++++++++++
 2023/21xxx/CVE-2023-21417.json | 18 ++++++++++++
 2023/21xxx/CVE-2023-21418.json | 18 ++++++++++++
 6 files changed, 137 insertions(+), 3 deletions(-)
 create mode 100644 2023/21xxx/CVE-2023-21414.json
 create mode 100644 2023/21xxx/CVE-2023-21415.json
 create mode 100644 2023/21xxx/CVE-2023-21416.json
 create mode 100644 2023/21xxx/CVE-2023-21417.json
 create mode 100644 2023/21xxx/CVE-2023-21418.json

diff --git a/2022/31xxx/CVE-2022-31691.json b/2022/31xxx/CVE-2022-31691.json
index d8e73b12303..cd56013bb5a 100644
--- a/2022/31xxx/CVE-2022-31691.json
+++ b/2022/31xxx/CVE-2022-31691.json
@@ -4,14 +4,58 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2022-31691",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@vmware.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Spring by VMware",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Potential Remote Code Execution"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://tanzu.vmware.com/security/cve-2022-31691",
+                "url": "https://tanzu.vmware.com/security/cve-2022-31691"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker."
             }
         ]
     }
diff --git a/2023/21xxx/CVE-2023-21414.json b/2023/21xxx/CVE-2023-21414.json
new file mode 100644
index 00000000000..d95edea8b80
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21414.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-21414",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21415.json b/2023/21xxx/CVE-2023-21415.json
new file mode 100644
index 00000000000..5c043a3427e
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21415.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-21415",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21416.json b/2023/21xxx/CVE-2023-21416.json
new file mode 100644
index 00000000000..9314ef1f050
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21416.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-21416",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21417.json b/2023/21xxx/CVE-2023-21417.json
new file mode 100644
index 00000000000..afcbbf5540c
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21417.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-21417",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21418.json b/2023/21xxx/CVE-2023-21418.json
new file mode 100644
index 00000000000..ed2ddfb031b
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21418.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-21418",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file