diff --git a/2024/28xxx/CVE-2024-28133.json b/2024/28xxx/CVE-2024-28133.json index 2c7d546f3a0..56d3c1bb647 100644 --- a/2024/28xxx/CVE-2024-28133.json +++ b/2024/28xxx/CVE-2024-28133.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28133", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local low privileged attacker can use an untrusted search path in a\u00a0CHARX system utility to gain\u00a0root\nprivileges.\u00a0\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426 Untrusted Search Path", + "cweId": "CWE-426" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "CHARX SEC-3000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3050", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3150", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-019", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2024-019" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2024-019", + "defect": [ + "CERT@VDE#64664" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Trend Micro's Zero Day Initiative" + }, + { + "lang": "en", + "value": "Summoning Team" + }, + { + "lang": "en", + "value": "Sina Kheirkhah" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28134.json b/2024/28xxx/CVE-2024-28134.json index 442cd81fbf9..9fcf769d8a3 100644 --- a/2024/28xxx/CVE-2024-28134.json +++ b/2024/28xxx/CVE-2024-28134.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28134", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tAn unauthenticated remote attacker can extract a session token with a MitM attack and gain\u00a0web-based\nmanagement access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required.\u00a0The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "CHARX SEC-3000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3050", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3150", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-019", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2024-019" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2024-019", + "defect": [ + "CERT@VDE#64664" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Trend Micro's Zero Day Initiative" + }, + { + "lang": "en", + "value": "Summoning Team" + }, + { + "lang": "en", + "value": "Sina Kheirkhah" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28135.json b/2024/28xxx/CVE-2024-28135.json index 28fb658057f..f38a9dc106e 100644 --- a/2024/28xxx/CVE-2024-28135.json +++ b/2024/28xxx/CVE-2024-28135.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA low privileged remote attacker can use\u00a0a command injection vulnerability in the API which performs\nremote code execution as the user-app\u00a0user\u00a0due to improper input validation. The confidentiality is partly affected.\n\n\n\n\n\n\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "CHARX SEC-3000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3050", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3150", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-019", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2024-019" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2024-019", + "defect": [ + "CERT@VDE#64664" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Trend Micro's Zero Day Initiative" + }, + { + "lang": "en", + "value": "Summoning Team" + }, + { + "lang": "en", + "value": "Sina Kheirkhah" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28136.json b/2024/28xxx/CVE-2024-28136.json index 34fccdc5f26..5c3bffa41d2 100644 --- a/2024/28xxx/CVE-2024-28136.json +++ b/2024/28xxx/CVE-2024-28136.json @@ -1,17 +1,138 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local attacker with low privileges can use a command injection vulnerability to gain root\nprivileges due to improper input validation using the OCPP Remote service.\n\n\n\n\n\n\n\n\n\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "CHARX SEC-3000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3050", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3150", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-019", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2024-019" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2024-019", + "defect": [ + "CERT@VDE#64664" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Trend Micro's Zero Day Initiative" + }, + { + "lang": "en", + "value": "ByteInsight" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28137.json b/2024/28xxx/CVE-2024-28137.json index 0136c5f4118..a574c6cd6a8 100644 --- a/2024/28xxx/CVE-2024-28137.json +++ b/2024/28xxx/CVE-2024-28137.json @@ -1,17 +1,138 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local attacker with low privileges can\u00a0perform a privilege escalation with an init script due to a TOCTOU vulnerability.\n\n\n\n\n\n\n\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "CHARX SEC-3000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3050", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + }, + { + "product_name": "CHARX SEC-3150", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-019", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2024-019" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2024-019", + "defect": [ + "CERT@VDE#64664" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Trend Micro's Zero Day Initiative" + }, + { + "lang": "en", + "value": "Todd Manning" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3579.json b/2024/3xxx/CVE-2024-3579.json index ab3a99a7608..4e974be6e4d 100644 --- a/2024/3xxx/CVE-2024-3579.json +++ b/2024/3xxx/CVE-2024-3579.json @@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.\u00a0\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Puneeth Reddy", + "product": { + "product_data": [ + { + "product_name": "Online Shopping System Advanced", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "*", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2024/05/CVE-2024-3579", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2024/05/CVE-2024-3579" + }, + { + "url": "https://cert.pl/posts/2024/05/CVE-2024-3579", + "refsource": "MISC", + "name": "https://cert.pl/posts/2024/05/CVE-2024-3579" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT.PL) " + } + ] } \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4392.json b/2024/4xxx/CVE-2024-4392.json index be7dfe2f269..b045aa5d7f5 100644 --- a/2024/4xxx/CVE-2024-4392.json +++ b/2024/4xxx/CVE-2024-4392.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "automattic", + "product": { + "product_data": [ + { + "product_name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "13.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11dceac7-7ff8-4384-9046-919c38947c32?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11dceac7-7ff8-4384-9046-919c38947c32?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/jetpack/tags/13.3.1/modules/videopress/class.videopress-player.php#L335", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/jetpack/tags/13.3.1/modules/videopress/class.videopress-player.php#L335" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] }