Update CVE-2022-25273.json

2025-06-08 05:58:08 +00:00 · 2023-04-25 15:56:32 -04:00 · 2023-04-25 15:56:32 -04:00 · b73c123b83
commit b73c123b83
parent 7083ac437b
1 changed files with 51 additions and 14 deletions
--- a/2022/25xxx/CVE-2022-25273.json
+++ b/2022/25xxx/CVE-2022-25273.json
@ -1,18 +1,55 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-25273",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+  "dataType": "CVE_RECORD",
+  "dataVersion": "5.0",
+  "cveMetadata": {
+    "cveId": "CVE-2022-25273",
+    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
+    "state": "PUBLISHED"
+  },
+  "containers": {
+    "cna": {
+      "providerMetadata": {
+        "orgId": "00000000-0000-4000-9000-000000000000"
+      },
+      "affected": [
+        {
+          "vendor": "Drupal",
+          "product": "core",
+          "versions": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+              "status": "affected",
+              "version": "9.3",
+              "lessThanOrEqual": "9.3.12",
+              "versionType": "custom"
+            },
+            {
+              "status": "affected",
+              "version": "9.2",
+              "lessThanOrEqual": "9.2.18",
+              "versionType": "custom"
            }
-        ]
+          ],
+          "defaultStatus": "unknown"
+        }
+      ],
+      "descriptions": [
+        {
+          "lang": "en",
+          "value": "Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.\n",
+          "supportingMedia": [
+            {
+              "type": "text/html",
+              "base64": false,
+              "value": "<span style=\"background-color: rgb(255, 255, 255);\">Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.</span><br>"
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "url": "https://www.drupal.org/sa-core-2022-008"
+        }
+      ]
    }
+  }
 }