"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2021-01-11 10:02:00 +00:00 · 2021-01-11 10:02:00 +00:00 · 7e8c1d4fc6
commit 7e8c1d4fc6
parent 2f83cfb4a8
4 changed files with 19 additions and 15 deletions
--- a/2020/11xxx/CVE-2020-11995.json
+++ b/2020/11xxx/CVE-2020-11995.json
@ -42,7 +42,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request.  This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8."
+                "value": "A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8."
            }
        ]
    },
@ -65,12 +65,13 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E",
+                "name": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2020/13xxx/CVE-2020-13922.json
+++ b/2020/13xxx/CVE-2020-13922.json
@ -66,12 +66,13 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://www.mail-archive.com/announce@apache.org/msg06076.html"
+                "refsource": "MISC",
+                "url": "https://www.mail-archive.com/announce@apache.org/msg06076.html",
+                "name": "https://www.mail-archive.com/announce@apache.org/msg06076.html"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2020/17xxx/CVE-2020-17508.json
+++ b/2020/17xxx/CVE-2020-17508.json
@ -47,7 +47,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability.  If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later.\n"
+                "value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later."
            }
        ]
    },
@ -70,12 +70,13 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E",
+                "name": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2020/17xxx/CVE-2020-17509.json
+++ b/2020/17xxx/CVE-2020-17509.json
@ -47,7 +47,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7.  If you have this option enabled, please upgrade or disable this feature.\n"
+                "value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. If you have this option enabled, please upgrade or disable this feature."
            }
        ]
    },
@ -70,12 +70,13 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E"
+                "refsource": "MISC",
+                "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E",
+                "name": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}