"-Synchronized-Data."

This commit is contained in:
CVE Team 2021-01-20 18:03:41 +00:00
parent de8af1cb94
commit b8c70cdd16
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 29 additions and 17 deletions


@ -92,24 +92,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674"
"refsource": "MISC",
"url": "https://github.com/softwaremill/akka-http-session/issues/77",
"name": "https://github.com/softwaremill/akka-http-session/issues/77"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674",
"name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675",
"name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/softwaremill/akka-http-session/issues/77"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933",
"name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/softwaremill/akka-http-session/pull/79"
"refsource": "MISC",
"url": "https://github.com/softwaremill/akka-http-session/pull/79",
"name": "https://github.com/softwaremill/akka-http-session/pull/79"
}
]
},
@ -117,7 +122,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1.\n CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.\n"
"value": "This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty."
}
]
},


@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"
"refsource": "MISC",
"url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437",
"name": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package github.com/gin-gonic/gin.\n When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.\n"
"value": "This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header."
}
]
},
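Review bot: The new reference URL keeps `%23` where the GitHub link needs a literal `#` — `https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437` puts the fragment into the path, and GitHub is likely to return 404 for that unless a consumer decodes it first; if percent-encoding the fragment is an intentional convention for this record format, it is worth confirming that downstream renderers undo it, otherwise the only vendor-side reference for this CVE is unreachable. The reworded description also states `This affects all versions of package github.com/gin-gonic/gin.` while pointing at a pull-request comment rather than a release, so no fixed-version boundary is recorded; if the linked PR shipped a fix, the affected range should be narrowed accordingly. Both observations are limited to what is visible in this hunk.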


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server.\nIn Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed.\n\nThis is fixed in version 0.2.0."
"value": "Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0."
}
]
},
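Review bot: The reflowed description carries over a typo from the old text — `might have made it abe to do a Path Traversal attack` should read `able`; since this commit already rewrites the whole value to drop the embedded newlines, fixing the word in the same pass would avoid a second edit to the record. The phrase `The rust \`join\` method without checking user input` would also be clearer as `joining an unchecked user-supplied path with Rust's \`join\` method`, though that is wording only and the underlying claim is left as the record states it.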


@ -56,6 +56,11 @@
"url": "https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/",
"refsource": "MISC",
"name": "https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6"
}
]
}