From 7885e87d0dba5a66e807e6603d50a3f5f45ebb8e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 13 Jun 2023 19:00:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/43xxx/CVE-2022-43684.json | 129 ++++++++++++++++++++++++-
2023/27xxx/CVE-2023-27836.json | 56 +++++++++--
2023/28xxx/CVE-2023-28598.json | 4 +-
2023/28xxx/CVE-2023-28599.json | 12 +--
2023/28xxx/CVE-2023-28600.json | 4 +-
2023/28xxx/CVE-2023-28601.json | 4 +-
2023/28xxx/CVE-2023-28602.json | 4 +-
2023/28xxx/CVE-2023-28603.json | 6 +-
2023/34xxx/CVE-2023-34113.json | 4 +-
2023/34xxx/CVE-2023-34114.json | 89 +++++++++++++++++-
2023/34xxx/CVE-2023-34115.json | 78 +++++++++++++++-
2023/34xxx/CVE-2023-34120.json | 14 +--
2023/34xxx/CVE-2023-34121.json | 21 +++--
2023/34xxx/CVE-2023-34122.json | 4 +-
2023/34xxx/CVE-2023-34965.json | 66 +++++++++++--
2023/3xxx/CVE-2023-3224.json | 166 ++++++++++++++++-----------------
16 files changed, 519 insertions(+), 142 deletions(-)
diff --git a/2022/43xxx/CVE-2022-43684.json b/2022/43xxx/CVE-2022-43684.json
index ff6d6859474..eb8f3e03091 100644
--- a/2022/43xxx/CVE-2022-43684.json
+++ b/2022/43xxx/CVE-2022-43684.json
@@ -1,17 +1,138 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@servicenow.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n * Quebec prior to Patch 10 Hot Fix 8b\n * Rome prior to Patch 10 Hot Fix 1\n * San Diego prior to Patch 7\n * Tokyo prior to Tokyo Patch 1; and \n * Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ServiceNow", + "product": { + "product_data": [ + { + "product_name": "Now Platform", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Quebec", + "version_value": "Patch 10 Hot Fix 8b" + }, + { + "version_affected": "<", + "version_name": "Rome", + "version_value": "Patch 10 Hot Fix 1" + }, + { + "version_affected": "<", + "version_name": "San Diego", + "version_value": "Patch 7" + }, + { + "version_affected": "<", + "version_name": "Tokyo", + 
"version_value": "Tokyo Patch 1" + }, + { + "version_affected": "<", + "version_name": "Utah", + "version_value": "Utah General Availability (GA)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489", + "refsource": "MISC", + "name": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Luke Symons" + }, + { + "lang": "en", + "value": "Tony Wu" + }, + { + "lang": "en", + "value": "Eldar Marcussen" + }, + { + "lang": "en", + "value": "Gareth Phillips" + }, + { + "lang": "en", + "value": "Jeff Thomas" + }, + { + "lang": "en", + "value": "Nadeem Salim" + }, + { + "lang": "en", + "value": "Stephen Bradshaw" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/27xxx/CVE-2023-27836.json b/2023/27xxx/CVE-2023-27836.json index 367fec55097..4a8f494fdd1 100644 --- a/2023/27xxx/CVE-2023-27836.json +++ b/2023/27xxx/CVE-2023-27836.json 
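Review bot: The `impact.cvss` entry scores this record as `C:H/I:H/A:H` (9.9 CRITICAL), but the description and the `CWE-200` problem type describe only an authenticated user reading data from tables that lack authorization controls. Either the description understates the impact or the integrity and availability metrics are overstated. Consumers that prioritise on `baseScore` will act on the vector, so the two should be reconciled against the referenced ServiceNow KB article. Separately, the `credits` entries use `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"`; one language code should be used throughout the record.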
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27836", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27836", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P%202", + "refsource": "MISC", + "name": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P%202" } ] } diff --git a/2023/28xxx/CVE-2023-28598.json b/2023/28xxx/CVE-2023-28598.json index c7699cb8c0c..ef7cb3011ab 100644 --- a/2023/28xxx/CVE-2023-28598.json +++ b/2023/28xxx/CVE-2023-28598.json @@ -31,11 +31,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Linux clients", + "product_name": "Zoom for Linux clients", "version": { "version_data": [ { diff --git a/2023/28xxx/CVE-2023-28599.json b/2023/28xxx/CVE-2023-28599.json index 50388df7689..3b689bd1c29 100644 
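Review bot: The new description for CVE-2023-27836 carries what look like extraction artefacts, `(US)_ V2_ Version 171011` and `sub_ 40A80C`, so a text search for the hardware revision, firmware build or function name is unlikely to match this record. The `affects` block is also entirely `"n/a"` even though the description names the vendor and model, which leaves nothing for structured product matching. I would clean the stray underscores and spaces against the referenced write-up and fill in `vendor_name` and `product_name` from the description.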
--- a/2023/28xxx/CVE-2023-28599.json +++ b/2023/28xxx/CVE-2023-28599.json @@ -31,11 +31,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Android", + "product_name": "Zoom for Android", "version": { "version_data": [ { @@ -51,7 +51,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "5.13.10" + "version_value": "before 5.13.10" } ] } @@ -62,7 +62,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "5.13.10" + "version_value": "before 5.13.10" } ] } @@ -73,7 +73,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "5.13.10" + "version_value": "before 5.13.10" } ] } @@ -84,7 +84,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "5.13.10" + "version_value": "before 5.13.10" } ] } diff --git a/2023/28xxx/CVE-2023-28600.json b/2023/28xxx/CVE-2023-28600.json index 1f7c33a4536..2553a77dc8b 100644 --- a/2023/28xxx/CVE-2023-28600.json +++ b/2023/28xxx/CVE-2023-28600.json @@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for macOS", + "product_name": "Zoom for macOS Client", "version": { "version_data": [ { diff --git a/2023/28xxx/CVE-2023-28601.json b/2023/28xxx/CVE-2023-28601.json index a2dcd046570..3148bddea04 100644 --- a/2023/28xxx/CVE-2023-28601.json +++ b/2023/28xxx/CVE-2023-28601.json @@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Windows", + "product_name": "Zoom for Windows Client", "version": { "version_data": [ { diff --git a/2023/28xxx/CVE-2023-28602.json b/2023/28xxx/CVE-2023-28602.json index e0e0bbb7c6d..348d67df0b3 100644 --- a/2023/28xxx/CVE-2023-28602.json +++ b/2023/28xxx/CVE-2023-28602.json 
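Review bot: The four `version_data` entries changed in CVE-2023-28599 keep `"version_affected": "="` but now carry `"version_value": "before 5.13.10"`, so the operator says "exactly this version" while the value is free text that a version comparator cannot parse. A scanner matching on these fields is likely either to miss every affected build or to fail on the value. The range belongs in the operator, `"version_affected": "<", "version_value": "5.13.10"`, which is how the CVE-2022-43684 record in this same commit expresses it. The same pattern appears in the CVE-2023-28603, CVE-2023-34114, CVE-2023-34115, CVE-2023-34120 and CVE-2023-34121 hunks.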
@@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Windows", + "product_name": "Zoom for Windows Client", "version": { "version_data": [ { diff --git a/2023/28xxx/CVE-2023-28603.json b/2023/28xxx/CVE-2023-28603.json index 1de0a7baeb3..73b13f6e340 100644 --- a/2023/28xxx/CVE-2023-28603.json +++ b/2023/28xxx/CVE-2023-28603.json @@ -32,16 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "VDI Windows Meeting Client", + "product_name": "Zoom VDI Windows Meeting Client", "version": { "version_data": [ { "version_affected": "=", - "version_value": "5.14.0" + "version_value": "before 5.14.0" } ] } diff --git a/2023/34xxx/CVE-2023-34113.json b/2023/34xxx/CVE-2023-34113.json index 673a33bfcba..48c2a1ec53f 100644 --- a/2023/34xxx/CVE-2023-34113.json +++ b/2023/34xxx/CVE-2023-34113.json @@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Windows", + "product_name": "Zoom for Windows Client", "version": { "version_data": [ { diff --git a/2023/34xxx/CVE-2023-34114.json b/2023/34xxx/CVE-2023-34114.json index 2a0caaa3cff..573bc140be5 100644 --- a/2023/34xxx/CVE-2023-34114.json +++ b/2023/34xxx/CVE-2023-34114.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668 Exposure of Resource to Wrong Sphere", + "cweId": "CWE-668" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom for Windows Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before 5.14.10" + } + ] + } + }, + { + "product_name": "Zoom for MacOS Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before 5.14.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34115.json b/2023/34xxx/CVE-2023-34115.json index 70bb80e41db..b70a5c250b5 100644 --- a/2023/34xxx/CVE-2023-34115.json +++ b/2023/34xxx/CVE-2023-34115.json 
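Review bot: The description for CVE-2023-34114 says the issue may be used by "an authenticated user", but the vector is `PR:N/UI:R`, meaning no privileges and a required victim action. One of the two is wrong, and because `privilegesRequired` feeds the 7.4 base score, the vector should be rechecked against the Zoom bulletin rather than just rewording the text. The CVE-2023-34115 hunk has the same mismatch ("authenticated user" with `PR:N`). The description value also ends in a trailing space, and the product is spelled "Zoom for MacOS Client" here but "Zoom for macOS Client" in CVE-2023-28600.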
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Meeting SDK", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before 5.13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + 
"userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34120.json b/2023/34xxx/CVE-2023-34120.json index fbe3de5269c..4a6fb6298ad 100644 --- a/2023/34xxx/CVE-2023-34120.json +++ b/2023/34xxx/CVE-2023-34120.json @@ -32,38 +32,38 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Windows", + "product_name": "Zoom for Windows Client", "version": { "version_data": [ { "version_affected": "=", - "version_value": "5.14.0" + "version_value": "before 5.14.0" } ] } }, { - "product_name": "Rooms client for Windows", + "product_name": "Zoom Rooms Client for Windows", "version": { "version_data": [ { "version_affected": "=", - "version_value": "5.14.0" + "version_value": "before 5.14.0" } ] } }, { - "product_name": "VDI Windows Meeting", + "product_name": "Zoom VDI for Windows Meeting Clients", "version": { "version_data": [ { "version_affected": "=", - "version_value": "5.14.0" + "version_value": "before 5.14.0" } ] } diff --git a/2023/34xxx/CVE-2023-34121.json b/2023/34xxx/CVE-2023-34121.json index 327a4cc351f..e02b235f838 100644 --- a/2023/34xxx/CVE-2023-34121.json +++ b/2023/34xxx/CVE-2023-34121.json @@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Windows", + "product_name": "Zoom for Windows", "version": { "version_data": [ { 
@@ -47,23 +47,30 @@ } }, { - "product_name": "Rooms client for Windows", + "product_name": "Zoom Rooms Client for Windows", "version": { "version_data": [ { "version_affected": "=", - "version_value": "5.14.0" + "version_value": "before 5.14.0" } ] } - }, + } + ] + } + }, + { + "vendor_name": "ZoomZoom Video Communications, Inc.", + "product": { + "product_data": [ { - "product_name": "VDI for Windows", + "product_name": "Zoom VDI for Windows Meeting Clients", "version": { "version_data": [ { "version_affected": "=", - "version_value": "5.14.0" + "version_value": "before 5.14.0" } ] } diff --git a/2023/34xxx/CVE-2023-34122.json b/2023/34xxx/CVE-2023-34122.json index e0061a99175..45eb3b86dfa 100644 --- a/2023/34xxx/CVE-2023-34122.json +++ b/2023/34xxx/CVE-2023-34122.json @@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Zoom", + "vendor_name": "Zoom Video Communications, Inc.", "product": { "product_data": [ { - "product_name": "for Windows", + "product_name": "Zoom for Windows Client", "version": { "version_data": [ { diff --git a/2023/34xxx/CVE-2023-34965.json b/2023/34xxx/CVE-2023-34965.json index 569dbc46a82..1d494a04d6f 100644 --- a/2023/34xxx/CVE-2023-34965.json +++ b/2023/34xxx/CVE-2023-34965.json 
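Review bot: The vendor object added in this hunk is named `"ZoomZoom Video Communications, Inc."`, which looks like a duplicated prefix rather than a real vendor. It also moves "Zoom VDI for Windows Meeting Clients" out of the `product_data` array that holds the other two products, so feeds and asset inventories keyed on `vendor_name` would not associate the VDI client with Zoom. I would keep the VDI product under the existing vendor entry, or at minimum set `"vendor_name": "Zoom Video Communications, Inc."`. The preceding hunk of this file also renames the first product to "Zoom for Windows" while sibling records use "Zoom for Windows Client"; worth confirming which is intended.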
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-34965", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-34965", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Anankke/SSPanel-Uim", + "refsource": "MISC", + "name": "https://github.com/Anankke/SSPanel-Uim" + }, + { + "url": "https://docs.google.com/document/d/1TbHYGW65o1HBZoDf0rUDQMHPJE6qfQAvqdFv1DYY4BU/edit?usp=sharing", + "refsource": "MISC", + "name": "https://docs.google.com/document/d/1TbHYGW65o1HBZoDf0rUDQMHPJE6qfQAvqdFv1DYY4BU/edit?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/AgentY0/CVE-2023-34965", + "url": "https://github.com/AgentY0/CVE-2023-34965" } ] } diff --git a/2023/3xxx/CVE-2023-3224.json b/2023/3xxx/CVE-2023-3224.json index 6da9cb4e7be..69aabb783cb 100644 --- a/2023/3xxx/CVE-2023-3224.json +++ b/2023/3xxx/CVE-2023-3224.json 
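Review bot: One of the three references added for CVE-2023-34965 is an editable Google Docs link (`.../edit?usp=sharing`), which can be changed or withdrawn after publication, so the record's technical detail is not stable for later triage. An archived or versioned copy alongside it would make the reference durable. The `affects` block is `"n/a"` although the description names SSPanel-Uim 2023.3, so structured product matching will not find this record.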
@@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-3224", - "STATE": "PUBLIC", - "TITLE": " Code Injection in nuxt/nuxt" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "nuxt/nuxt", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.5.3" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-3224", + "STATE": "PUBLIC", + "TITLE": " Code Injection in nuxt/nuxt" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nuxt/nuxt", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.5.3" + } + ] + } + } + ] + }, + "vendor_name": "nuxt" } - } ] - }, - "vendor_name": "nuxt" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": " Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-94 Improper Control of Generation of Code" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87" - }, - { - "name": "https://github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff", - "refsource": "MISC", - "url": "https://github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff" - } - ] - }, - "source": { - "advisory": "1eb74fd8-0258-4c1f-a904-83b52e373a87", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87" + }, + { + "name": "https://github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff", + "refsource": "MISC", + "url": "https://github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff" + } + ] + }, + "source": { + "advisory": "1eb74fd8-0258-4c1f-a904-83b52e373a87", + "discovery": "EXTERNAL" + } } \ No newline at end of file
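Review bot: This hunk removes the leading space from the description but leaves it in the title, so `"TITLE": " Code Injection in nuxt/nuxt"` should become `"TITLE": "Code Injection in nuxt/nuxt"` for exact-match lookups. `impact.cvss` is also a single object here, whereas the CVE-2022-43684 and CVE-2023-34114 records in this commit use an array of objects, so a consumer has to handle both shapes. The file still ends without a trailing newline.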