diff --git a/2020/28xxx/CVE-2020-28452.json b/2020/28xxx/CVE-2020-28452.json
index bb1a967f652..766ba421c59 100644
--- a/2020/28xxx/CVE-2020-28452.json
+++ b/2020/28xxx/CVE-2020-28452.json
@@ -92,24 +92,29 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674"
+ "refsource": "MISC",
+ "url": "https://github.com/softwaremill/akka-http-session/issues/77",
+ "name": "https://github.com/softwaremill/akka-http-session/issues/77"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/softwaremill/akka-http-session/issues/77"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/softwaremill/akka-http-session/pull/79"
+ "refsource": "MISC",
+ "url": "https://github.com/softwaremill/akka-http-session/pull/79",
+ "name": "https://github.com/softwaremill/akka-http-session/pull/79"
 }
 ]
 },
@@ -117,7 +122,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1.\n CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.\n"
+ "value": "This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty."
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28483.json b/2020/28xxx/CVE-2020-28483.json
index f3040bc1b88..58ae07e863a 100644
--- a/2020/28xxx/CVE-2020-28483.json
+++ b/2020/28xxx/CVE-2020-28483.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736",
+ "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"
+ "refsource": "MISC",
+ "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437",
+ "name": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"
 }
 ]
 },
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects all versions of package github.com/gin-gonic/gin.\n When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.\n"
+ "value": "This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header."
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21269.json b/2021/21xxx/CVE-2021-21269.json
index 493297c2645..681a6618abe 100644
--- a/2021/21xxx/CVE-2021-21269.json
+++ b/2021/21xxx/CVE-2021-21269.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server.\nIn Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed.\n\nThis is fixed in version 0.2.0."
+ "value": "Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0."
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3178.json b/2021/3xxx/CVE-2021-3178.json
index 60c1bd99b24..65b34b1a61d 100644
--- a/2021/3xxx/CVE-2021-3178.json
+++ b/2021/3xxx/CVE-2021-3178.json
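Review bot: The Keymaker description on the new side of the `@@ -35,7 +35,7 @@` hunk still reads `might have made it abe to do a Path Traversal attack`, so the newline cleanup carries the typo forward; `abe` is presumably meant to be `able`. This text appears to be mirrored from the upstream advisory, so if the record is required to match the CNA's wording byte for byte, the correction belongs upstream first rather than in this normalization pass. The two other description hunks in this commit (`@@ -117,7 +122,7 @@` and `@@ -61,7 +63,7 @@`) only replace embedded `\n` sequences with single spaces and look correct.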
@@ -56,6 +56,11 @@
 "url": "https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/",
 "refsource": "MISC",
 "name": "https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6"
 }
 ]
 }