"-Synchronized-Data."

2025-06-21 05:40:25 +00:00 · 2024-02-07 13:00:35 +00:00 · 2024-02-07 13:00:35 +00:00 · c35e200fde
commit c35e200fde
parent 3f5d581bc5
3 changed files with 86 additions and 5 deletions
--- a/2023/26xxx/CVE-2023-26135.json
+++ b/2023/26xxx/CVE-2023-26135.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file."
+                "value": "All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file."
            }
        ]
    },
@ -69,6 +69,11 @@
                "url": "https://github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43",
                "refsource": "MISC",
                "name": "https://github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43"
+            },
+            {
+                "url": "https://github.com/brycebaril/node-flatnest/commit/27d569baf9d9d25677640edeaf2d13af165868d6",
+                "refsource": "MISC",
+                "name": "https://github.com/brycebaril/node-flatnest/commit/27d569baf9d9d25677640edeaf2d13af165868d6"
            }
        ]
    },
--- a/2023/39xxx/CVE-2023-39196.json
+++ b/2023/39xxx/CVE-2023-39196.json
@ -1,17 +1,88 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-39196",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@apache.org",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Improper Authentication vulnerability in Apache Ozone.\n\nThe vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication.\nThe attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability.\nThe accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone.\nThis issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0.\n\nUsers are recommended to upgrade to version 1.4.0, which fixes the issue.\n\n"
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-287 Improper Authentication",
+                        "cweId": "CWE-287"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Apache Software Foundation",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Apache Ozone",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "1.2.0",
+                                            "version_value": "1.3.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://lists.apache.org/thread/o96ct5t7kj5cgrmmfc6756m931t08nky",
+                "refsource": "MISC",
+                "name": "https://lists.apache.org/thread/o96ct5t7kj5cgrmmfc6756m931t08nky"
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+    },
+    "source": {
+        "discovery": "INTERNAL"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "NONE",
+                "baseScore": 5.3,
+                "baseSeverity": "MEDIUM",
+                "confidentialityImpact": "LOW",
+                "integrityImpact": "NONE",
+                "privilegesRequired": "NONE",
+                "scope": "UNCHANGED",
+                "userInteraction": "NONE",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                "version": "3.1"
            }
        ]
    }
--- a/2023/51xxx/CVE-2023-51437.json
+++ b/2023/51xxx/CVE-2023-51437.json
@ -73,6 +73,11 @@
                "url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5",
                "refsource": "MISC",
                "name": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5"
+            },
+            {
+                "url": "http://www.openwall.com/lists/oss-security/2024/02/07/1",
+                "refsource": "MISC",
+                "name": "http://www.openwall.com/lists/oss-security/2024/02/07/1"
            }
        ]
    },