diff --git a/2020/11xxx/CVE-2020-11108.json b/2020/11xxx/CVE-2020-11108.json
new file mode 100644
index 00000000000..427ae31cbf0
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11108.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11108",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11109.json b/2020/11xxx/CVE-2020-11109.json
new file mode 100644
index 00000000000..2d756f0aac1
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11109.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11109",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11110.json b/2020/11xxx/CVE-2020-11110.json
new file mode 100644
index 00000000000..b91abc2f675
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11110.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11110",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5255.json b/2020/5xxx/CVE-2020-5255.json
index 6f26b80911b..080a5fcf3f3 100644
--- a/2020/5xxx/CVE-2020-5255.json
+++ b/2020/5xxx/CVE-2020-5255.json
@@ -16,10 +16,7 @@
 "version": {
 "version_data": [
 {
- "version_value": ">= 4.4.0, < 4.4.7"
- },
- {
- "version_value": ">= 5.0.0, < 5.0.7"
+ "version_value": "< 4.4"
 }
 ]
 }
@@ -38,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header,\naffected versions of Symfony can fallback to the format defined in the `Accept` header of the request,\nleading to a possible mismatch between the response's content and `Content-Type` header.\nWhen the response is cached, this can prevent the use of the website by other users.\n\nThis has been patched in versions 4.4.7 and 5.0.7."
+ "value": "In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4."
 }
 ]
 },
@@ -88,4 +85,4 @@
 "advisory": "GHSA-mcx4-f5f5-4859",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
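Review bot: The new `"version_value": "< 4.4"` in the first CVE-2020-5255 hunk, together with the matching "before version 4.4 ... patched in version 4.4" wording in the description hunk, inverts the affected range this record carried before: the removed lines listed 4.4.0 up to 4.4.7 and 5.0.0 up to 5.0.7 as vulnerable, and the new text declares exactly those releases fixed. Nothing visible in the diff justifies the change, so if the earlier range was correct, any consumer that matches on `version_data` (dependency scanners, SBOM tooling) would stop flagging the releases that actually need the patch. Please confirm the fix versions against the referenced advisory GHSA-mcx4-f5f5-4859 before merging; if they are still 4.4.7 and 5.0.7, keep `"version_value": ">= 4.4.0, < 4.4.7"` and `"version_value": ">= 5.0.0, < 5.0.7"` and apply only the newline cleanup to the description. A two-component bound such as `< 4.4` is also ambiguous for range matching and would be better written with a patch level.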
diff --git a/2020/5xxx/CVE-2020-5284.json b/2020/5xxx/CVE-2020-5284.json
index 1a962dd6cee..883cabdfdf6 100644
--- a/2020/5xxx/CVE-2020-5284.json
+++ b/2020/5xxx/CVE-2020-5284.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Next.js versions before 9.3.2 have a directory traversal vulnerability.\nAttackers could craft special requests to access files in the dist directory (.next).\nThis does not affect files outside of the dist directory (.next).\nIn general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory.\n\nThis issue is fixed in version 9.3.2."
+ "value": "Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2."
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5289.json b/2020/5xxx/CVE-2020-5289.json
index ebfc4f5d0a0..8af25b07302 100644
--- a/2020/5xxx/CVE-2020-5289.json
+++ b/2020/5xxx/CVE-2020-5289.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model.\nThe adversary can construct filter expressions for an inaccessible field to filter a collection.\nThe presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field.\n\nResolved in Elide 4.5.14 and greater."
+ "value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater."
 }
 ]
 },
@@ -90,4 +90,4 @@
 "advisory": "GHSA-2mxr-89gf-rc4v",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file