From 75b06349c05d2fbacfada9c09277e67c70846945 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 8 Apr 2025 14:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/29xxx/CVE-2025-29927.json | 32 +++++++++++--
 2025/30xxx/CVE-2025-30150.json | 66 ++++++++++++++++++++++++--
 2025/30xxx/CVE-2025-30151.json | 84 ++++++++++++++++++++++++++++++++--
 2025/31xxx/CVE-2025-31481.json | 18 +++++++-
 2025/31xxx/CVE-2025-31485.json | 18 +++++++-
 2025/31xxx/CVE-2025-31498.json | 68 +++++++++++++++++++++++++--
 2025/3xxx/CVE-2025-3447.json | 18 ++++++++
 7 files changed, 284 insertions(+), 20 deletions(-)
 create mode 100644 2025/3xxx/CVE-2025-3447.json
diff --git a/2025/29xxx/CVE-2025-29927.json b/2025/29xxx/CVE-2025-29927.json
index 3e81c80c598..37d5bc09bd2 100644
--- a/2025/29xxx/CVE-2025-29927.json
+++ b/2025/29xxx/CVE-2025-29927.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3."
+ "value": "Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3."
 }
 ]
 },
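Review bot: The new CVE-2025-29927 description gives the first affected release as `1.11.4`, while the `version_data` ranges of the same record (next hunk) start at `>= 11.1.4`; the two cannot both be right, and the range data suggests the prose has transposed digits. Someone triaging from the description alone would get the wrong lower bound, so the sentence should open `Starting in version 11.1.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3`. The added text also keeps `it is recommend that`, which should read `it is recommended that`.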
@@ -41,15 +41,19 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": ">= 11.1.4, <= 1 3.5.6"
+ "version_value": ">= 11.1.4, < 12.3.5"
 },
 {
 "version_affected": "=",
- "version_value": "> 14.0.0, < 14.2.25"
+ "version_value": ">= 14.0.0, < 14.2.25"
 },
 {
 "version_affected": "=",
- "version_value": "> 15.0.0, < 15.2.3"
+ "version_value": ">= 15.0.0, < 15.2.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 13.0.0, < 13.5.9"
 }
 ]
 }
@@ -66,6 +70,26 @@
 "url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
 "refsource": "MISC",
 "name": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw"
+ },
+ {
+ "url": "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
+ "refsource": "MISC",
+ "name": "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2"
+ },
+ {
+ "url": "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
+ "refsource": "MISC",
+ "name": "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48"
+ },
+ {
+ "url": "https://github.com/vercel/next.js/releases/tag/v12.3.5",
+ "refsource": "MISC",
+ "name": "https://github.com/vercel/next.js/releases/tag/v12.3.5"
+ },
+ {
+ "url": "https://github.com/vercel/next.js/releases/tag/v13.5.9",
+ "refsource": "MISC",
+ "name": "https://github.com/vercel/next.js/releases/tag/v13.5.9"
 }
 ]
 },
diff --git a/2025/30xxx/CVE-2025-30150.json b/2025/30xxx/CVE-2025-30150.json
index 750c6225057..edeccadbe7c 100644
--- a/2025/30xxx/CVE-2025-30150.json
+++ b/2025/30xxx/CVE-2025-30150.json
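Review bot: Every `version_data` entry in the `-41,15 +41,19` hunk sets `version_affected` to `=` while `version_value` holds a range expression such as `>= 13.0.0, < 13.5.9`, so a consumer that applies the operator field literally will match no real release. Scanners and SBOM matchers reading this record have to parse the comparison operators out of `version_value` itself; the same pattern appears in the Shopware, API Platform and c-ares hunks further down. The 13.x range is also appended after the 15.x entry rather than in version order, which a parser will not mind but a human reader can easily miss.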
@@ -1,18 +1,76 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-30150",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates clearly that there is no account for this customer. In contrast you get a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-204: Observable Response Discrepancy",
+ "cweId": "CWE-204"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "shopware",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "shopware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 6.5.8.17"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 6.6.0.0, < 6.6.10.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 6.7.0.0-rc1, < 6.7.0.0-rc2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h",
+ "refsource": "MISC",
+ "name": "https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-hh7j-6x3q-f52h",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30151.json b/2025/30xxx/CVE-2025-30151.json
index fcb1e0638f8..2d2e29e18c6 100644
--- a/2025/30xxx/CVE-2025-30151.json
+++ b/2025/30xxx/CVE-2025-30151.json
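Review bot: The `version_data` added for CVE-2025-30150 lists `>= 6.7.0.0-rc1, < 6.7.0.0-rc2` as affected, but the description names only 6.6.10.3 and 6.5.8.17 as fixed releases, so the prose gives no fix version for the 6.7 release candidates. The open-ended `< 6.5.8.17` range also takes in the 6.4 line, for which the description says the fix ships as a plugin rather than a core release; version-only matching may therefore keep flagging 6.4 installs that have the plugin applied. Both mismatches are repeated in the CVE-2025-30151 hunk that follows. Going by the range data, the fix sentence would be clearer as `This vulnerability is fixed in Shopware 6.7.0.0-rc2, 6.6.10.3 and 6.5.8.17.`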
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-30151",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "shopware",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "shopware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 6.5.8.17"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 6.6.0.0, < 6.6.10.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 6.7.0.0-rc1, < 6.7.0.0-rc2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2",
+ "refsource": "MISC",
+ "name": "https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-cgfj-hj93-rmh2",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/31xxx/CVE-2025-31481.json b/2025/31xxx/CVE-2025-31481.json
index d8d4627cf39..baa5f55c529 100644
--- a/2025/31xxx/CVE-2025-31481.json
+++ b/2025/31xxx/CVE-2025-31481.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22."
+ "value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17."
 }
 ]
 },
@@ -41,7 +41,11 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "< 4.0.22"
+ "version_value": ">= 4.0.0, < 4.0.22"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.4.17"
 }
 ]
 }
@@ -59,10 +63,20 @@
 "refsource": "MISC",
 "name": "https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m"
 },
+ {
+ "url": "https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb"
+ },
 {
 "url": "https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568",
 "refsource": "MISC",
 "name": "https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568"
+ },
+ {
+ "url": "https://github.com/api-platform/core/releases/tag/v3.4.17",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/releases/tag/v3.4.17"
 }
 ]
 },
diff --git a/2025/31xxx/CVE-2025-31485.json b/2025/31xxx/CVE-2025-31485.json
index 54ee9df6577..40ac606f7ca 100644
--- a/2025/31xxx/CVE-2025-31485.json
+++ b/2025/31xxx/CVE-2025-31485.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\\GraphQl\\Serializer\\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22."
+ "value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\\GraphQl\\Serializer\\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22 and 3.4.17."
 }
 ]
 },
@@ -41,7 +41,11 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "< 4.0.22"
+ "version_value": ">= 4.0.0, < 4.0.22"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.4.17"
 }
 ]
 }
@@ -63,6 +67,16 @@
 "url": "https://github.com/api-platform/core/commit/7af65aad13037d7649348ee3dcd88e084ef771f8",
 "refsource": "MISC",
 "name": "https://github.com/api-platform/core/commit/7af65aad13037d7649348ee3dcd88e084ef771f8"
+ },
+ {
+ "url": "https://github.com/api-platform/core/commit/cba3acfbd517763cf320167250c5bed6d569696a",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/commit/cba3acfbd517763cf320167250c5bed6d569696a"
+ },
+ {
+ "url": "https://github.com/api-platform/core/releases/tag/v3.4.17",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/releases/tag/v3.4.17"
 }
 ]
 },
diff --git a/2025/31xxx/CVE-2025-31498.json b/2025/31xxx/CVE-2025-31498.json
index c1ce635e381..e401b6cc9a5 100644
--- a/2025/31xxx/CVE-2025-31498.json
+++ b/2025/31xxx/CVE-2025-31498.json
@@ -1,18 +1,78 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-31498",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "c-ares",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "c-ares",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.32.3, < 1.34.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v",
+ "refsource": "MISC",
+ "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v"
+ },
+ {
+ "url": "https://github.com/c-ares/c-ares/pull/821",
+ "refsource": "MISC",
+ "name": "https://github.com/c-ares/c-ares/pull/821"
+ },
+ {
+ "url": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
+ "refsource": "MISC",
+ "name": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-6hxc-62jh-p29v",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3447.json b/2025/3xxx/CVE-2025-3447.json
new file mode 100644
index 00000000000..10dba8385c5
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3447.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3447",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
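Review bot: The published CVE-2025-31498 record has no `impact` block, unlike the CVE-2025-30151 record in this same commit, so tooling that ranks by CVSS will see this use-after-free (`CWE-416`) with no score at all. A missing score should be handled as unscored rather than as low severity; the description itself says remote triggering is possible in theory and has not been tested. The CVE-2025-30150 hunk earlier in the patch is published without an `impact` block as well. The affected range `>= 1.32.3, < 1.34.5` does agree with the prose (`From 1.32.3 through 1.34.4`, fixed in 1.34.5).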