From bcb0ca9c19a2b2edea7eb97e45f40137fae9a50f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 21 Dec 2022 12:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/34xxx/CVE-2022-34916.json | 106 +++++++++++++-------------------
 2022/40xxx/CVE-2022-40955.json | 108 ++++++++++++++-------------------
 2 files changed, 88 insertions(+), 126 deletions(-)
diff --git a/2022/34xxx/CVE-2022-34916.json b/2022/34xxx/CVE-2022-34916.json
index e295800c1de..12590009697 100644
--- a/2022/34xxx/CVE-2022-34916.json
+++ b/2022/34xxx/CVE-2022-34916.json
@@ -1,49 +1,12 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
- "ID": "CVE-2022-34916",
- "STATE": "PUBLIC",
- "TITLE": "Improper Input Validation (JNDI Injection) in JMSMessageConsumer"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Apache Flume",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "flume-jms-source",
- "version_value": "1.11.0"
- },
- {
- "version_affected": ">=",
- "version_name": "flume-jms-source",
- "version_value": "1.4.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Apache Software Foundation"
- }
- ]
- }
- },
- "credit": [
- {
- "lang": "eng",
- "value": "Apache Flume would like to thank Frentzen Amaral for reporting this issue."
- }
- ],
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-34916",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
@@ -52,57 +15,70 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": [
- {}
- ],
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20 Improper Input Validation"
- }
- ]
- },
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Flume",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "flume-jms-source",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
 "url": "https://issues.apache.org/jira/browse/FLUME-3428",
+ "refsource": "MISC",
 "name": "https://issues.apache.org/jira/browse/FLUME-3428"
 },
 {
- "refsource": "MISC",
 "url": "https://lists.apache.org/thread/qkmt4r2t9tbrxrdbjg1m2oczbvczd9zn",
+ "refsource": "MISC",
 "name": "https://lists.apache.org/thread/qkmt4r2t9tbrxrdbjg1m2oczbvczd9zn"
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
 "source": {
 "defect": [
 "FLUME-3428"
 ],
 "discovery": "UNKNOWN"
 },
- "timeline": [
+ "credits": [
 {
- "lang": "eng",
- "time": "2022-06-21",
- "value": "Reported"
+ "lang": "en",
+ "value": "Apache Flume would like to thank Frentzen Amaral for reporting this issue."
 }
 ]
 }
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40955.json b/2022/40xxx/CVE-2022-40955.json
index aa65aa4248e..e6c514eea23 100644
--- a/2022/40xxx/CVE-2022-40955.json
+++ b/2022/40xxx/CVE-2022-40955.json
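Review bot: The new `version_data` entry no longer carries an affected version range: `"version_value": "flume-jms-source", "version_affected": "="` puts the component name where a version belongs, while the record it replaces bounded the issue to `>=` `1.4.0` and `<` `1.11.0`. A scanner or inventory match that reads `affects` rather than the free-text description (which is outside the hunks, so it may still state the range) can no longer tell which Flume releases are affected. I would keep both bounds as separate entries, e.g. `"version_name": "flume-jms-source", "version_affected": "<", "version_value": "1.11.0"` plus the matching `>=` entry for `1.4.0`. The same loss occurs in the last hunk of CVE-2022-40955.json, where `<` `1.3.0` became `"version_value": "Apache InLong"`.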
@@ -1,44 +1,12 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
- "ID": "CVE-2022-40955",
- "STATE": "PUBLIC",
- "TITLE": "Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Apache InLong",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "Apache InLong",
- "version_value": "1.3.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Apache Software Foundation"
- }
- ]
- }
- },
- "credit": [
- {
- "lang": "eng",
- "value": "This issue was discovered by 4ra1n of Chaitin Tech."
- }
- ],
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-40955",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
@@ -47,49 +15,67 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": [
- {
- "other": "important"
- }
- ],
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-502: Deserialization of Untrusted Data"
- }
- ]
- },
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-641: Improper Restriction of Names for Files and Other Resources"
+ "value": "CWE-502: Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache InLong",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache InLong",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
 "url": "https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1",
+ "refsource": "MISC",
 "name": "https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1"
 },
 {
- "refsource": "MLIST",
- "name": "[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC",
- "url": "http://www.openwall.com/lists/oss-security/2022/09/22/5"
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/22/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2022/09/22/5"
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
 "source": {
 "discovery": "UNKNOWN"
- }
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by 4ra1n of Chaitin Tech."
+ }
+ ]
 }
\ No newline at end of file
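Review bot: The vendor severity is dropped with nothing in its place: the old `"impact": [ { "other": "important" } ]` is removed and the new side of this hunk has no `impact` member at all, so consumers that prioritise on the record's own rating lose it. The second problem type, `CWE-641: Improper Restriction of Names for Files and Other Resources`, is likewise gone (as is the `CWE-74` entry in the corresponding hunk of CVE-2022-34916.json), which leaves the issue classified under a single CWE. If the synchronisation step cannot round-trip these fields, I would retain the `impact` array and the second `problemtype_data` entry rather than delete them. The oss-security reference also changes from `MLIST` with a descriptive name to `MISC` with the bare URL as its name, which looks like loss of metadata rather than a correction.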