- Added submissions from HackerOne from 2017-11-10.

This commit is contained in:
CVE Team 2017-11-13 11:17:01 -05:00
parent d3442ceb64
commit 744745adb9
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
5 changed files with 266 additions and 15 deletions


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2017-04-21T00:00:00",
"ID" : "CVE-2017-0889",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "paperclip ruby gem",
"version" : {
"version_data" : [
{
"version_value" : "All versions since 3.1.4"
}
]
}
}
]
},
"vendor_name" : "thoughtbot"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"url" : "https://hackerone.com/reports/713"
},
{
"url" : "https://hackerone.com/reports/209430"
}
]
}
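Review bot: The affected range `"All versions since 3.1.4"` in the new version_data entry has no upper bound, so any scanner matching on this record will keep flagging paperclip releases that already contain the fix from the referenced pull request 2435; the entry should also record the first fixed release once confirmed from that PR, e.g. a second object `{ "version_affected" : "<", "version_value" : "<first fixed version>" }` alongside the existing one. The description's `"value"` line also misspells the CWE name as "Server-SIde Request Forgery"; the problemtype entry below spells it `Server-Side Request Forgery (SSRF)`, and the two should agree. Leaving the fixed version out of a PUBLIC record is the kind of gap that gets copied into every downstream advisory feed.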


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2017-11-05T00:00:00",
"ID" : "CVE-2017-0904",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "private_address_check ruby gem",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 0.4.0"
}
]
}
}
]
},
"vendor_name" : "jtdowney"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Inherently Dangerous Function (CWE-242)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/jtdowney/private_address_check/issues/1"
},
{
"url" : "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af"
},
{
"url" : "https://edoverflow.com/2017/ruby-resolv-bug/"
},
{
"url" : "https://hackerone.com/reports/287245"
},
{
"url" : "https://hackerone.com/reports/287835"
}
]
}
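Review bot: The problemtype maps this record to CWE-242 (Use of Inherently Dangerous Function), but the description itself frames the issue as a bypass of a private-address check that exists to prevent SSRF, which is an incomplete-validation problem rather than a call that is unsafe in every context like gets(); the sibling records in this batch use CWE-918, and CWE-918 or CWE-20 looks like the closer fit here, worth confirming with the assigner before this state flips to PUBLIC. The description also says Resolv.getaddresses "should not be relied upon" without stating what it does wrong, so a reader cannot judge exposure without following the edoverflow link; one clause such as `whose results can differ by platform from the address the HTTP client actually connects to, allowing the private-address check to be bypassed` would make the record self-contained, assuming that matches the referenced write-up. The affected range `"Versions before 0.4.0"` is consistent with the description and the referenced fix commit.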


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00",
"ID" : "CVE-2017-0905",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "recurly ruby gem",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3"
}
]
}
}
]
},
"vendor_name" : "Recurly"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the \"Resource#find\" method that could result in compromise of API keys or other critical resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://dev.recurly.com/page/ruby-updates"
},
{
"url" : "https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be"
},
{
"url" : "https://hackerone.com/reports/288635"
}
]
}
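Review bot: The single `"version_value"` string packs twelve fixed branches into free text, which downstream matchers cannot parse into ranges; the CVE JSON 4.0 version_data array supports one object per branch, so this should become twelve entries of the form `{ "version_affected" : "<", "version_value" : "2.0.13" }`, one for each fixed release listed in the description. The `"product_name"` of `recurly ruby gem` also differs from the `Recurly Client Ruby Library` wording in the description; presumably the gem is published as `recurly`, and using that name (or the repository name from the referenced commit) in product_name would make package matching reliable. The description's claim that the SSRF "could result in compromise of API keys" is consistent with a client library that sends credentials to an attacker-chosen host, but the record does not say which input reaches `Resource#find`, which is what an operator needs to assess their own call sites.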


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00",
"ID" : "CVE-2017-0906",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "recurly python module",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2"
}
]
}
}
]
},
"vendor_name" : "Recurly"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the \"Resource.get\" method that could result in compromise of API keys or other critical resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://dev.recurly.com/page/python-updates"
},
{
"url" : "https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742"
},
{
"url" : "https://hackerone.com/reports/288635"
}
]
}
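Review bot: As with the Ruby record in this commit, the `"version_value"` string lists seven fixed branches in one free-text value that no range matcher can consume; each should be its own version_data object, e.g. `{ "version_affected" : "<", "version_value" : "2.0.5" }`, repeated for each fixed release named in the description. The `"product_name"` of `recurly python module` does not match the `Recurly Client Python Library` name in the description, and neither is the distribution name presumably used on PyPI (`recurly`), which is what tooling keys on; aligning product_name with the package name would avoid missed matches. This and the adjacent .NET and Ruby records all cite the same HackerOne report 288635, which is fine, but the description is the only place that distinguishes them, so the `"Resource.get"` entry point should stay in it.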


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00",
"ID" : "CVE-2017-0907",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "recurly-api-client .NET library",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1"
}
]
}
}
]
},
"vendor_name" : "Recurly"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://dev.recurly.com/page/net-updates"
},
{
"url" : "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"
},
{
"url" : "https://hackerone.com/reports/288635"
}
]
}
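Review bot: Unlike the Ruby and Python records in this batch, the description's `"value"` line names only the misused API (`Uri.EscapeUriString`) and not the client method whose input reaches it, so a consumer of the library cannot tell which call sites are exposed; the referenced recurly-client-net commit presumably identifies the entry point, and it should be named in the description the way `Resource#find` and `Resource.get` are in the sibling records. The nine fixed branches in the single `"version_value"` string should likewise be split into one version_data object per branch, e.g. `{ "version_affected" : "<", "version_value" : "1.0.1" }`, so range matching works. The `"product_name"` of `recurly-api-client .NET library` also differs from `Recurly Client .NET Library` in the description; pick one, preferably the NuGet package name if that is what the referenced commit ships.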