Auto-merge PR#4413

2025-08-04 08:44:25 +00:00 · 2020-07-27 07:30:14 -04:00 · 2020-07-27 07:30:14 -04:00 · 9d5b88b67d
commit 9d5b88b67d
parent 1d55ac1ef8 121a8388d5
1 changed files with 76 additions and 4 deletions
--- a/2020/7xxx/CVE-2020-7695.json
+++ b/2020/7xxx/CVE-2020-7695.json
@ -3,16 +3,88 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2020-07-27T11:23:53.870794Z",
        "ID": "CVE-2020-7695",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "HTTP Response Splitting"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "uvicorn",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": ">=",
+                                            "version_value": "0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "HTTP Response Splitting"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/encode/uvicorn"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This affects all versions of package uvicorn.\n Uvicorn's implementation of the HTTP protocol for the httptools parser is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.\r\n\r\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C",
+            "baseScore": 5.3,
+            "baseSeverity": "MEDIUM",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "LOW",
+            "availabilityImpact": "NONE"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Everardo Padilla Saca"
+        }
+    ]
 }