admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-01-20 13:02:06 +00:00
parent 59fa289096
commit 7a4d9476ff
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 118 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/35xxx/CVE-2020-35217.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/vert-x3/vertx-web/pull/1613",
"refsource": "MISC",
"name": "https://github.com/vert-x3/vertx-web/pull/1613"
}
]
}

22
2021/23xxx/CVE-2021-23326.json
View File

@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-GRAPHQLTOOLSGITLOADER-1062543"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-GRAPHQLTOOLSGITLOADER-1062543",
"name": "https://snyk.io/vuln/SNYK-JS-GRAPHQLTOOLSGITLOADER-1062543"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ardatan/graphql-tools/commit/6a966beee8ca8b2f4adfe93318b96e4a5c501eac"
"refsource": "MISC",
"url": "https://github.com/ardatan/graphql-tools/commit/6a966beee8ca8b2f4adfe93318b96e4a5c501eac",
"name": "https://github.com/ardatan/graphql-tools/commit/6a966beee8ca8b2f4adfe93318b96e4a5c501eac"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ardatan/graphql-tools/pull/2470"
"refsource": "MISC",
"url": "https://github.com/ardatan/graphql-tools/pull/2470",
"name": "https://github.com/ardatan/graphql-tools/pull/2470"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ardatan/graphql-tools/releases/tag/%40graphql-tools%2Fgit-loader%406.2.6"
"refsource": "MISC",
"url": "https://github.com/ardatan/graphql-tools/releases/tag/%40graphql-tools%2Fgit-loader%406.2.6",
"name": "https://github.com/ardatan/graphql-tools/releases/tag/%40graphql-tools%2Fgit-loader%406.2.6"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package @graphql-tools/git-loader before 6.2.6.\n The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.\n"
"value": "This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection."
}
]
},

61
2021/3xxx/CVE-2021-3110.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49410",
"url": "https://www.exploit-db.com/exploits/49410"
},
{
"refsource": "MISC",
"name": "https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e",
"url": "https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e"
}
]
}