"-Synchronized-Data."

2020/11xxx/CVE-2020-11108.json

@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-11108",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}

2020/11xxx/CVE-2020-11109.json

@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-11109",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}

2020/11xxx/CVE-2020-11110.json

@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-11110",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}

2020/5xxx/CVE-2020-5255.json

@@ -16,10 +16,7 @@
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_value": ">= 4.4.0, < 4.4.7"
-                                        },
-                                        {
-                                            "version_value": ">= 5.0.0, < 5.0.7"
+                                            "version_value": "< 4.4"
                                         }
                                     ]
                                 }
@@ -38,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header,\naffected versions of Symfony can fallback to the format defined in the `Accept` header of the request,\nleading to a possible mismatch between the response&#39;s content and `Content-Type` header.\nWhen the response is cached, this can prevent the use of the website by other users.\n\nThis has been patched in versions 4.4.7 and 5.0.7."
+                "value": "In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response&#39;s content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4."
             }
         ]
     },
@@ -88,4 +85,4 @@
         "advisory": "GHSA-mcx4-f5f5-4859",
         "discovery": "UNKNOWN"
     }
-}
+}

2020/5xxx/CVE-2020-5284.json

@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Next.js versions before 9.3.2 have a directory traversal vulnerability.\nAttackers could craft special requests to access files in the dist directory (.next).\nThis does not affect files outside of the dist directory (.next).\nIn general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory.\n\nThis issue is fixed in version 9.3.2."
+                "value": "Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2."
             }
         ]
     },

2020/5xxx/CVE-2020-5289.json

@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model.\nThe adversary can construct filter expressions for an inaccessible field to filter a collection.\nThe presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field.\n\nResolved in Elide 4.5.14 and greater."
+                "value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater."
             }
         ]
     },
@@ -90,4 +90,4 @@
         "advisory": "GHSA-2mxr-89gf-rc4v",
         "discovery": "UNKNOWN"
     }
-}
+}