From 7e8c1d4fc60151c0ff641d7308682ac90a4a7f71 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 11 Jan 2021 10:02:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/11xxx/CVE-2020-11995.json | 9 +++++----
 2020/13xxx/CVE-2020-13922.json | 7 ++++---
 2020/17xxx/CVE-2020-17508.json | 9 +++++----
 2020/17xxx/CVE-2020-17509.json | 9 +++++----
 4 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/2020/11xxx/CVE-2020-11995.json b/2020/11xxx/CVE-2020-11995.json
index 3eba672bcb2..22fdfd01ecb 100644
--- a/2020/11xxx/CVE-2020-11995.json
+++ b/2020/11xxx/CVE-2020-11995.json
@@ -42,7 +42,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8."
+ "value": "A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8."
 }
 ]
 },
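Review bot: The new `value` string in CVE-2020-11995.json still gives an affected range ("dubbo 2.7.5 and its earlier versions") that does not meet the fixed versions it names ("2.6.9 and 2.7.8"), so a reader cannot tell from the description whether 2.7.6 and 2.7.7 are affected. The text should state the range explicitly or defer to the record's version data, which lies outside this hunk. The same line keeps the typos `protool` and `HasMap`, which should read `protocol` and `HashMap`. The removed and added lines look identical as shown, so the change is presumably whitespace only and the wording itself was carried over unreviewed.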
@@ -65,12 +65,13 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E"
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E",
+ "name": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13922.json b/2020/13xxx/CVE-2020-13922.json
index d35a28fa6b8..54e5f71219a 100644
--- a/2020/13xxx/CVE-2020-13922.json
+++ b/2020/13xxx/CVE-2020-13922.json
@@ -66,12 +66,13 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.mail-archive.com/announce@apache.org/msg06076.html"
+ "refsource": "MISC",
+ "url": "https://www.mail-archive.com/announce@apache.org/msg06076.html",
+ "name": "https://www.mail-archive.com/announce@apache.org/msg06076.html"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/17xxx/CVE-2020-17508.json b/2020/17xxx/CVE-2020-17508.json
index 160a9466d73..dde059a6f38 100644
--- a/2020/17xxx/CVE-2020-17508.json
+++ b/2020/17xxx/CVE-2020-17508.json
@@ -47,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later.\n"
+ "value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later."
 }
 ]
 },
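Review bot: Relabelling the reference in CVE-2020-11995.json from `"refsource": "CONFIRM"` to `"refsource": "MISC"` removes the marker that this link is the vendor's own announcement (a dev.dubbo.apache.org list thread), so consumers that select vendor-confirmed advisories by `refsource` will no longer match it. The same relabelling appears in the reference hunks of CVE-2020-13922.json, CVE-2020-17508.json and CVE-2020-17509.json. The added `"name"` repeats `url` byte for byte, which gives a consumer nothing new and can drift out of sync with `url` on a later edit. Each file also loses its final newline (`\ No newline at end of file`); keeping it would avoid a spurious last-line change on the next sync.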
@@ -70,12 +70,13 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E"
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E",
+ "name": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/17xxx/CVE-2020-17509.json b/2020/17xxx/CVE-2020-17509.json
index a3b72cc65a7..1e9dce480de 100644
--- a/2020/17xxx/CVE-2020-17509.json
+++ b/2020/17xxx/CVE-2020-17509.json
@@ -47,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. If you have this option enabled, please upgrade or disable this feature.\n"
+ "value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. If you have this option enabled, please upgrade or disable this feature."
 }
 ]
 },
@@ -70,12 +70,13 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E"
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E",
+ "name": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file