Auto-merge PR#4304

2025-07-30 18:04:30 +00:00 · 2020-07-14 17:15:18 -04:00 · 2020-07-14 17:15:18 -04:00 · 84c4b3a7cf
commit 84c4b3a7cf
parent 84889f56d7 706d351662
1 changed files with 74 additions and 6 deletions
--- a/2020/11xxx/CVE-2020-11084.json
+++ b/2020/11xxx/CVE-2020-11084.json
@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11084",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Command Injection in iPear"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "iPear",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 0.6.14, <= 0.6.15"
+                                        },
+                                        {
+                                            "version_value": "= 0.7.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "yaBobJonez"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via \"For Developers\" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-4xvp-35fx-hjjj",
+        "discovery": "UNKNOWN"
    }
 }