diff --git a/2019/7xxx/CVE-2019-7617.json b/2019/7xxx/CVE-2019-7617.json index 133b16964b2..5355e485e22 100644 --- a/2019/7xxx/CVE-2019-7617.json +++ b/2019/7xxx/CVE-2019-7617.json @@ -1,63 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "bressers@elastic.co", - "ID": "CVE-2019-7617", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Elastic", - "product": { - "product_data": [ - { - "product_name": "Elastic APM agent for Python", - "version": { - "version_data": [ - { - "version_value": "before 5.1.0" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2019-7617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Elastic APM agent for Python", + "version": { + "version_data": [ + { + "version_value": "before 5.1.0" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20: Improper Input Validation" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.elastic.co/community/security/" - }, - { - "url": "https://discuss.elastic.co/t/elastic-apm-agent-for-python-5-1-0-security-update/196145" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing." - } - ] - } -} + }, + "references": { + "reference_data": [ + { + "url": "https://www.elastic.co/community/security/", + "refsource": "MISC", + "name": "https://www.elastic.co/community/security/" + }, + { + "url": "https://discuss.elastic.co/t/elastic-apm-agent-for-python-5-1-0-security-update/196145", + "refsource": "MISC", + "name": "https://discuss.elastic.co/t/elastic-apm-agent-for-python-5-1-0-security-update/196145" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing." + } + ] + } +} \ No newline at end of file