From a87216c8eca74a517ba267059f5a9d8bd5b2661b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 1 Feb 2023 00:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16981.json | 5 ++ 2019/13xxx/CVE-2019-13217.json | 5 ++ 2019/13xxx/CVE-2019-13218.json | 5 ++ 2019/13xxx/CVE-2019-13219.json | 5 ++ 2019/13xxx/CVE-2019-13220.json | 5 ++ 2019/13xxx/CVE-2019-13221.json | 5 ++ 2019/13xxx/CVE-2019-13222.json | 5 ++ 2019/13xxx/CVE-2019-13223.json | 5 ++ 2021/28xxx/CVE-2021-28021.json | 5 ++ 2021/37xxx/CVE-2021-37789.json | 5 ++ 2021/42xxx/CVE-2021-42715.json | 5 ++ 2022/28xxx/CVE-2022-28041.json | 5 ++ 2022/28xxx/CVE-2022-28042.json | 5 ++ 2022/48xxx/CVE-2022-48161.json | 56 +++++++++++++++++++--- 2023/0xxx/CVE-2023-0341.json | 87 ++++++++++++++++++++++++++++++++-- 2023/0xxx/CVE-2023-0606.json | 18 +++++++ 2023/0xxx/CVE-2023-0607.json | 18 +++++++ 2023/23xxx/CVE-2023-23924.json | 86 +++++++++++++++++++++++++++++++-- 2023/24xxx/CVE-2023-24241.json | 56 +++++++++++++++++++--- 2023/24xxx/CVE-2023-24956.json | 62 ++++++++++++++++++++++++ 20 files changed, 428 insertions(+), 20 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0606.json create mode 100644 2023/0xxx/CVE-2023-0607.json create mode 100644 2023/24xxx/CVE-2023-24956.json diff --git a/2018/16xxx/CVE-2018-16981.json b/2018/16xxx/CVE-2018-16981.json index ce2ca3b14e9..dd50603bf13 100644 --- a/2018/16xxx/CVE-2018-16981.json +++ b/2018/16xxx/CVE-2018-16981.json @@ -56,6 +56,11 @@ "name": "https://github.com/nothings/stb/issues/656", "refsource": "MISC", "url": "https://github.com/nothings/stb/issues/656" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13217.json b/2019/13xxx/CVE-2019-13217.json index 3dfa337bedc..87d33ab6f55 100644 --- a/2019/13xxx/CVE-2019-13217.json +++ b/2019/13xxx/CVE-2019-13217.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13218.json b/2019/13xxx/CVE-2019-13218.json index 54b290f3394..d4481088b09 100644 --- a/2019/13xxx/CVE-2019-13218.json +++ b/2019/13xxx/CVE-2019-13218.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13219.json b/2019/13xxx/CVE-2019-13219.json index edea00f8def..b55968e8056 100644 --- a/2019/13xxx/CVE-2019-13219.json +++ b/2019/13xxx/CVE-2019-13219.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13220.json b/2019/13xxx/CVE-2019-13220.json index f7ddf2d231e..ce4303a6271 100644 --- a/2019/13xxx/CVE-2019-13220.json +++ b/2019/13xxx/CVE-2019-13220.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13221.json b/2019/13xxx/CVE-2019-13221.json index 04dcf113010..5f8c0c875dc 100644 --- a/2019/13xxx/CVE-2019-13221.json +++ b/2019/13xxx/CVE-2019-13221.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13222.json b/2019/13xxx/CVE-2019-13222.json index 6b1fb90fd84..0ea197e601b 100644 --- a/2019/13xxx/CVE-2019-13222.json +++ b/2019/13xxx/CVE-2019-13222.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2019/13xxx/CVE-2019-13223.json b/2019/13xxx/CVE-2019-13223.json index a2a2afdb6a9..999839ca888 100644 --- a/2019/13xxx/CVE-2019-13223.json +++ b/2019/13xxx/CVE-2019-13223.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6", "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2021/28xxx/CVE-2021-28021.json b/2021/28xxx/CVE-2021-28021.json index ecced1dec39..7d9d4102c84 100644 --- a/2021/28xxx/CVE-2021-28021.json +++ b/2021/28xxx/CVE-2021-28021.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-832689aa6b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2021/37xxx/CVE-2021-37789.json b/2021/37xxx/CVE-2021-37789.json index 3e71b5c1b87..a38e400dbfb 100644 --- a/2021/37xxx/CVE-2021-37789.json +++ b/2021/37xxx/CVE-2021-37789.json @@ -56,6 +56,11 @@ "url": "https://github.com/nothings/stb/issues/1178", "refsource": "MISC", "name": "https://github.com/nothings/stb/issues/1178" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2021/42xxx/CVE-2021-42715.json b/2021/42xxx/CVE-2021-42715.json index e3482ba7476..441eabbd297 100644 --- a/2021/42xxx/CVE-2021-42715.json +++ b/2021/42xxx/CVE-2021-42715.json @@ -106,6 +106,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-832689aa6b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2022/28xxx/CVE-2022-28041.json b/2022/28xxx/CVE-2022-28041.json index bd8c85c6612..ba6c67a45ee 100644 --- a/2022/28xxx/CVE-2022-28041.json +++ b/2022/28xxx/CVE-2022-28041.json @@ -111,6 +111,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-0125d9cd29", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J72YJQ3R5MG23GECPUCLAWPPZ6TZPG7U/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2022/28xxx/CVE-2022-28042.json b/2022/28xxx/CVE-2022-28042.json index d25d4bd4871..edb28b8ce99 100644 --- a/2022/28xxx/CVE-2022-28042.json +++ b/2022/28xxx/CVE-2022-28042.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c8f6a39cf6", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html" } ] } diff --git a/2022/48xxx/CVE-2022-48161.json b/2022/48xxx/CVE-2022-48161.json index c74a80ef950..85ce8920d34 100644 --- a/2022/48xxx/CVE-2022-48161.json +++ b/2022/48xxx/CVE-2022-48161.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-48161", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-48161", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sunset-move/EasyImages2.0-arbitrary-file-download-vulnerability", + "refsource": "MISC", + "name": "https://github.com/sunset-move/EasyImages2.0-arbitrary-file-download-vulnerability" } ] } diff --git a/2023/0xxx/CVE-2023-0341.json b/2023/0xxx/CVE-2023-0341.json index 6c4ffe6ebe9..d0f5fa3b2ba 100644 --- a/2023/0xxx/CVE-2023-0341.json +++ b/2023/0xxx/CVE-2023-0341.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ubuntu.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EditorConfig", + "product": { + "product_data": [ + { + "product_name": "EditorConfig C Core", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e", + "refsource": "MISC", + "name": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e" + }, + { + "url": "https://litios.github.io/2023/01/14/CVE-2023-0341.html", + "refsource": "MISC", + "name": "https://litios.github.io/2023/01/14/CVE-2023-0341.html" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "David Fernandez Gonzalez" + }, + { + "lang": "en", + "value": "Mark Esler" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0606.json b/2023/0xxx/CVE-2023-0606.json new file mode 100644 index 00000000000..3f578e1f19d --- /dev/null +++ b/2023/0xxx/CVE-2023-0606.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0607.json b/2023/0xxx/CVE-2023-0607.json new file mode 100644 index 00000000000..956dedc0968 --- /dev/null +++ b/2023/0xxx/CVE-2023-0607.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0607", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23924.json b/2023/23xxx/CVE-2023-23924.json index 16f27a06aec..4ba93947d08 100644 --- a/2023/23xxx/CVE-2023-23924.json +++ b/2023/23xxx/CVE-2023-23924.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization", + "cweId": "CWE-551" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dompdf", + "product": { + "product_data": [ + { + "product_name": "dompdf", + "version": { + "version_data": [ + { + "version_value": "< 2.0.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg", + "refsource": "MISC", + "name": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg" + }, + { + "url": "https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85", + "refsource": "MISC", + "name": "https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85" + }, + { + "url": "https://github.com/dompdf/dompdf/releases/tag/v2.0.2", + "refsource": "MISC", + "name": "https://github.com/dompdf/dompdf/releases/tag/v2.0.2" + } + ] + }, + "source": { + "advisory": "GHSA-3cw5-7cxw-v5qg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24241.json b/2023/24xxx/CVE-2023-24241.json index 43ef79e967b..e7b3d8e3d56 100644 --- a/2023/24xxx/CVE-2023-24241.json +++ b/2023/24xxx/CVE-2023-24241.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24241", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24241", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Mortalwangxin/lives/issues/1", + "refsource": "MISC", + "name": "https://github.com/Mortalwangxin/lives/issues/1" } ] } diff --git a/2023/24xxx/CVE-2023-24956.json b/2023/24xxx/CVE-2023-24956.json new file mode 100644 index 00000000000..8ebf9266478 --- /dev/null +++ b/2023/24xxx/CVE-2023-24956.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-24956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Mortalwangxin/lives/issues/1", + "refsource": "MISC", + "name": "https://github.com/Mortalwangxin/lives/issues/1" + } + ] + } +} \ No newline at end of file