From 706d351662b8735cee7b971f86c18ca43266d9e8 Mon Sep 17 00:00:00 2001
From: Robert Schultheis <robert.schultheis@gmail.com>
Date: Tue, 14 Jul 2020 15:14:26 -0600
Subject: [PATCH] add CVE-2020-11084 for GHSA-4xvp-35fx-hjjj

---
 2020/11xxx/CVE-2020-11084.json | 80 +++++++++++++++++++++++++++++++---
 1 file changed, 74 insertions(+), 6 deletions(-)

diff --git a/2020/11xxx/CVE-2020-11084.json b/2020/11xxx/CVE-2020-11084.json
index 88e9303e38d..58b5eb28e10 100644
--- a/2020/11xxx/CVE-2020-11084.json
+++ b/2020/11xxx/CVE-2020-11084.json
@@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
         "ID": "CVE-2020-11084",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Command Injection in iPear"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "iPear",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 0.6.14, <= 0.6.15"
+                                        },
+                                        {
+                                            "version_value": "= 0.7.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "yaBobJonez"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via \"For Developers\" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-4xvp-35fx-hjjj",
+        "discovery": "UNKNOWN"
     }
 }
\ No newline at end of file