add CVE-2020-11084 for GHSA-4xvp-35fx-hjjj

2025-08-04 08:44:25 +00:00 · 2020-07-14 15:14:26 -06:00 · 2020-07-14 15:14:26 -06:00 · 706d351662
commit 706d351662
parent 48ae406266
1 changed files with 74 additions and 6 deletions
--- a/2020/11xxx/CVE-2020-11084.json
+++ b/2020/11xxx/CVE-2020-11084.json
@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11084",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Command Injection in iPear"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "iPear",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 0.6.14, <= 0.6.15"
+                                        },
+                                        {
+                                            "version_value": "= 0.7.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "yaBobJonez"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via \"For Developers\" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-4xvp-35fx-hjjj",
+        "discovery": "UNKNOWN"
    }
 }