diff --git a/2019/20xxx/CVE-2019-20367.json b/2019/20xxx/CVE-2019-20367.json index 15a876116c6..a0a072d8f17 100644 --- a/2019/20xxx/CVE-2019-20367.json +++ b/2019/20xxx/CVE-2019-20367.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[tomee-dev] 20210401 CVE-2019-20367 - TomEE not affected", "url": "https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550@%3Cdev.tomee.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20210401 Re: CVE-2019-20367 - TomEE not affected", + "url": "https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5@%3Cdev.tomee.apache.org%3E" } ] } diff --git a/2021/28xxx/CVE-2021-28918.json b/2021/28xxx/CVE-2021-28918.json index 3f5efeaa5f0..6e2001de63b 100644 --- a/2021/28xxx/CVE-2021-28918.json +++ b/2021/28xxx/CVE-2021-28918.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28918", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28918", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/package/netmask", + "refsource": "MISC", + "name": "https://www.npmjs.com/package/netmask" + }, + { + "url": "https://github.com/rs/node-netmask", + "refsource": "MISC", + "name": "https://github.com/rs/node-netmask" + }, + { + "refsource": "MISC", + "name": "https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/", + "url": "https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/" + }, + { + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-pch5-whg9-qr2r", + "url": "https://github.com/advisories/GHSA-pch5-whg9-qr2r" + }, + { + "refsource": "MISC", + "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md", + "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md" } ] }