From 8b78f58757ebcaaf6753951872e0df351e46cf18 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 4 Jan 2024 15:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/3xxx/CVE-2023-3726.json | 83 ++++++++++++++++++++++++++++++++--
2023/49xxx/CVE-2023-49658.json | 83 ++++++++++++++++++++++++++++++++--
2023/49xxx/CVE-2023-49665.json | 83 ++++++++++++++++++++++++++++++++--
2023/49xxx/CVE-2023-49666.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50743.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50752.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50753.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50760.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50862.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50863.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50864.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50865.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50866.json | 83 ++++++++++++++++++++++++++++++++--
2023/50xxx/CVE-2023-50867.json | 83 ++++++++++++++++++++++++++++++++--
2023/6xxx/CVE-2023-6093.json | 12 ++---
2023/7xxx/CVE-2023-7206.json | 18 ++++++++
2024/0xxx/CVE-2024-0236.json | 18 ++++++++
2024/0xxx/CVE-2024-0237.json | 18 ++++++++
2024/0xxx/CVE-2024-0238.json | 18 ++++++++
2024/21xxx/CVE-2024-21625.json | 76 +++++++++++++++++++++++++++++--
20 files changed, 1256 insertions(+), 66 deletions(-)
create mode 100644 2023/7xxx/CVE-2023-7206.json
create mode 100644 2024/0xxx/CVE-2024-0236.json
create mode 100644 2024/0xxx/CVE-2024-0237.json
create mode 100644 2024/0xxx/CVE-2024-0238.json
diff --git a/2023/3xxx/CVE-2023-3726.json b/2023/3xxx/CVE-2023-3726.json
index 1c0d15c9351..0fe4e98911b 100644
--- a/2023/3xxx/CVE-2023-3726.json
+++ b/2023/3xxx/CVE-2023-3726.json
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OCSInventory", + "product": { + "product_data": [ + { + "product_name": "OCSInventory", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/creed/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/creed/" + }, + { + "url": "https://ocsinventory-ng.org/", + "refsource": "MISC", + "name": "https://ocsinventory-ng.org/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49658.json b/2023/49xxx/CVE-2023-49658.json index 9adf969517c..412e0548613 100644 --- a/2023/49xxx/CVE-2023-49658.json +++ b/2023/49xxx/CVE-2023-49658.json 
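Review bot: The `vectorString` added for CVE-2023-3726, `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N`, does not read like the stored cross-site scripting that the same record declares under `"cweId": "CWE-79"`. Script stored in a template normally executes in another user's browser, which is usually scored with `UI:R` and `S:C`, and `C:H` together with `I:N` is unusual for injected script; the 4.9 base score follows from the vector as written, so the open question is the vector itself. Anyone prioritising by score or vector should cross-check the referenced advisory before relying on this rating. The description also does not say which role can store the template, although `PR:H` implies a privileged account, and a short clause naming it would help triage.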
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Billing Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/zimerman/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/zimerman/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49665.json b/2023/49xxx/CVE-2023-49665.json index 6c9ad407486..0dfbcf528eb 100644 --- a/2023/49xxx/CVE-2023-49665.json +++ b/2023/49xxx/CVE-2023-49665.json 
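Review bot: The `description` value added for CVE-2023-49658 ends in a literal `\n\n`, as do the values in the other Kashipara hunks shown here (CVE-2023-49665, -49666, -50743, -50752, -50753, -50760, -50862 to -50866, three of them with a space before it); ending the string at `...sent unfiltered to the database."` saves every consumer from trimming it. These records also give a single affected version, `"version_affected": "="` with `"version_value": "1.0"`, and the only vendor reference is the homepage `https://www.kashipara.com/`, so nothing in the record tells a reader whether a fixed release exists. If none was available at publication, saying so in the description would let defenders treat the product as unpatched rather than guess. Each SQL injection description also says "multiple ... vulnerabilities" while naming one parameter, which makes the per-CVE scope harder to match against scanner findings.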
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Billing Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/zimerman/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/zimerman/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49666.json b/2023/49xxx/CVE-2023-49666.json index dd8671ba939..3e40f015fa2 100644 --- a/2023/49xxx/CVE-2023-49666.json +++ b/2023/49xxx/CVE-2023-49666.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Billing Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/zimerman/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/zimerman/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50743.json b/2023/50xxx/CVE-2023-50743.json index 4c585e0a828..0ba1ab5fe2a 100644 --- a/2023/50xxx/CVE-2023-50743.json +++ b/2023/50xxx/CVE-2023-50743.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. \n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Online Notice Board System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/perahia/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/perahia/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50752.json b/2023/50xxx/CVE-2023-50752.json index bdcf9237086..4aea7de3115 100644 --- a/2023/50xxx/CVE-2023-50752.json +++ b/2023/50xxx/CVE-2023-50752.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. \n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Online Notice Board System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/perahia/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/perahia/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50753.json b/2023/50xxx/CVE-2023-50753.json index c9ac1627a05..3b23d5c02c1 100644 --- a/2023/50xxx/CVE-2023-50753.json +++ b/2023/50xxx/CVE-2023-50753.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. \n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Online Notice Board System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/perahia/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/perahia/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": 
"HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50760.json b/2023/50xxx/CVE-2023-50760.json index 5c61d742ce0..46e49906fd3 100644 --- a/2023/50xxx/CVE-2023-50760.json +++ b/2023/50xxx/CVE-2023-50760.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Online Notice Board System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/arrau/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/arrau/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + 
"privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50862.json b/2023/50xxx/CVE-2023-50862.json index 2301f808212..e4a80016e17 100644 --- a/2023/50xxx/CVE-2023-50862.json +++ b/2023/50xxx/CVE-2023-50862.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Travel Website", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/evans/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/evans/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", 
+ "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50863.json b/2023/50xxx/CVE-2023-50863.json index 02ed2e29149..0d256f9f3b1 100644 --- a/2023/50xxx/CVE-2023-50863.json +++ b/2023/50xxx/CVE-2023-50863.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Travel Website", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/evans/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/evans/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": 
"HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50864.json b/2023/50xxx/CVE-2023-50864.json index 62a5f655dfc..f5b37e6e671 100644 --- a/2023/50xxx/CVE-2023-50864.json +++ b/2023/50xxx/CVE-2023-50864.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Travel Website", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/evans/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/evans/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", 
+ "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50865.json b/2023/50xxx/CVE-2023-50865.json index 8e898800211..2ea5833900b 100644 --- a/2023/50xxx/CVE-2023-50865.json +++ b/2023/50xxx/CVE-2023-50865.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Travel Website", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/evans/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/evans/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + 
"privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50866.json b/2023/50xxx/CVE-2023-50866.json index 5a078a72e79..b30a12732f7 100644 --- a/2023/50xxx/CVE-2023-50866.json +++ b/2023/50xxx/CVE-2023-50866.json 
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-50866",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kashipara Group",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Travel Website",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fluidattacks.com/advisories/evans/",
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/evans/"
+ },
+ {
+ "url": "https://www.kashipara.com/",
+ "refsource": "MISC",
+ "name": "https://www.kashipara.com/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50867.json b/2023/50xxx/CVE-2023-50867.json
index bb4b613faef..dbe388c4eda 100644
--- a/2023/50xxx/CVE-2023-50867.json
+++ b/2023/50xxx/CVE-2023-50867.json
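Review bot: The added `description` value opens with "multiple Unauthenticated SQL Injection vulnerabilities" although this record scopes a single input, the `username` parameter of `loginAction.php`, and the string ends in a literal `\n\n`. Describing it as one unauthenticated SQL injection and ending the value at `...sent unfiltered to the database."` would keep the record self-describing for consumers that display, diff or deduplicate descriptions. The CVE-2023-50865 hunk (`city` in `hotelSearch.php`) and the CVE-2023-50867 hunk (`username` in `signupAction.php`) carry the same opening sentence and trailing newlines. The record pins `"version_affected": "="` with `"version_value": "1.0"` and references no fixed release, so remediation status is unstated here and should not be assumed when triaging the 9.8 score.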
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-50867",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kashipara Group",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Travel Website",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fluidattacks.com/advisories/evans/",
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/evans/"
+ },
+ {
+ "url": "https://www.kashipara.com/",
+ "refsource": "MISC",
+ "name": "https://www.kashipara.com/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6093.json b/2023/6xxx/CVE-2023-6093.json
index 5de10c56820..1c2bea33a71 100644
--- a/2023/6xxx/CVE-2023-6093.json
+++ b/2023/6xxx/CVE-2023-6093.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "\nA vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability result from incorrectly restricts frame objects, which lead to user confusion about which interface the user is interacting with.\n\nThis vulnerability may lead attacker to trick user into interacting with the application.\n\n\n\n"
+ "value": "A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application.\n\n"
 }
 ]
 },
@@ -36,12 +36,12 @@
 "product": {
 "product_data": [
 {
- "product_name": "OnCell G3150A-LTE Series",
+ "product_name": "OnCell G3150A-LTE Series",
 "version": {
 "version_data": [
 {
 "version_affected": "<=",
- "version_name": "1,0",
+ "version_name": "1.0",
 "version_value": "1.3"
 }
 ]
@@ -66,7 +66,7 @@
 "engine": "Vulnogram 0.1.0-dev"
 },
 "source": {
- "discovery": "UNKNOWN"
+ "discovery": "EXTERNAL"
 },
 "work_around": [
 {
@@ -75,10 +75,10 @@
 {
 "base64": false,
 "type": "text/html",
- "value": "\n\n

Since Oncell G3150A-LTE has been phased out, we don\u2019t have the plan to address CVE 2023-6093. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context.

Moxa recommends users to implement the following mitigations if necessary:

\u00b7         Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.

\u00b7         Place control system networks and remote devices behind firewalls, isolating them from business networks.

\u00b7         When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices. 

" + "value": "\n\n

Since Oncell G3150A-LTE has been phased out, we don\u2019t have any plans to address CVE 2023-6093. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context.  

Moxa recommends users to implement the following mitigations if necessary:

" } ], - "value": "\nSince Oncell G3150A-LTE has been phased out, we don\u2019t have the plan to address CVE 2023-6093. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context.\n\nMoxa recommends users to implement the following mitigations if necessary:\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0 Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0 Place control system networks and remote devices behind firewalls, isolating them from business networks.\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0 When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\u00a0\n\n" + "value": "\n\n\nSince Oncell G3150A-LTE has been phased out, we don\u2019t have any plans to address CVE 2023-6093. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context. \u00a0\n\nMoxa recommends users to implement the following mitigations if necessary: \n\n * Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet. \n\n\n * Place control system networks and remote devices behind firewalls, isolating them from business networks. \n\n\n * When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\n\n\n\n\n\n\n" } ], "impact": { 
diff --git a/2023/7xxx/CVE-2023-7206.json b/2023/7xxx/CVE-2023-7206.json
new file mode 100644
index 00000000000..04921f7593c
--- /dev/null
+++ b/2023/7xxx/CVE-2023-7206.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-7206",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0236.json b/2024/0xxx/CVE-2024-0236.json
new file mode 100644
index 00000000000..9117b0a0b9e
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0236.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0236",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0237.json b/2024/0xxx/CVE-2024-0237.json
new file mode 100644
index 00000000000..2e7b6d262f7
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0237.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0237",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0238.json b/2024/0xxx/CVE-2024-0238.json
new file mode 100644
index 00000000000..78ed1c0fc6e
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0238.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0238",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/21xxx/CVE-2024-21625.json b/2024/21xxx/CVE-2024-21625.json
index bd946688bb9..89ac729e55e 100644
--- a/2024/21xxx/CVE-2024-21625.json
+++ b/2024/21xxx/CVE-2024-21625.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SideQuestVR", + "product": { + "product_data": [ + { + "product_name": "SideQuest", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.10.35" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7", + "refsource": "MISC", + "name": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7" + } + ] + }, + "source": { + "advisory": "GHSA-3v86-cf9q-x4x7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] }