diff --git a/2019/18xxx/CVE-2019-18836.json b/2019/18xxx/CVE-2019-18836.json
new file mode 100644
index 00000000000..aa7462d0838
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18836.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18836",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Envoy before 1.12.1 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://groups.google.com/forum/#!forum/envoy-users",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/forum/#!forum/envoy-users"
+ },
+ {
+ "url": "https://blog.envoyproxy.io",
+ "refsource": "MISC",
+ "name": "https://blog.envoyproxy.io"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46",
+ "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/istio/istio/issues/18229",
+ "url": "https://github.com/istio/istio/issues/18229"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18841.json b/2019/18xxx/CVE-2019-18841.json
new file mode 100644
index 00000000000..cb4cfde3a71
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18841.json
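Review bot: The `affects` block in 2019/18xxx/CVE-2019-18836.json is all placeholders (`"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"`) although the description already names the product and the fixed version, so tooling that matches on the structured fields rather than on free text will not associate this record with Envoy. Consider `"product_name": "Envoy"` and `"version_value": "before 1.12.1"`, both taken from the description. The `problemtype` value is also `"n/a"`; a CWE entry for the infinite-loop or resource-exhaustion class would let consumers triage by weakness type. The same placeholders appear in 2019/18xxx/CVE-2019-18841.json, where the description gives Chartkick.js 3.1.0 through 3.1.3 and the Chartkick gem before 3.3.0.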
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18841",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rubygems.org/gems/chartkick/",
+ "refsource": "MISC",
+ "name": "https://rubygems.org/gems/chartkick/"
+ },
+ {
+ "url": "https://github.com/ankane/chartkick/commits/master",
+ "refsource": "MISC",
+ "name": "https://github.com/ankane/chartkick/commits/master"
+ },
+ {
+ "url": "https://chartkick.com",
+ "refsource": "MISC",
+ "name": "https://chartkick.com"
+ },
+ {
+ "url": "https://github.com/ankane/chartkick/blob/master/CHANGELOG.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ankane/chartkick/blob/master/CHANGELOG.md"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa",
+ "url": "https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa"
+ }
+ ]
+ }
+}
\ No newline at end of file
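Review bot: Four of the five entries in `reference_data` for 2019/18xxx/CVE-2019-18841.json point at landing pages or branch tips (`https://github.com/ankane/chartkick/commits/master`, `https://github.com/ankane/chartkick/blob/master/CHANGELOG.md`, the rubygems and chartkick.com home pages), whose content will drift as the project moves on. Only the CONFIRM commit link pins the fix, so someone validating remediation later has a single stable anchor. Where possible, address the changelog and commit list at the release tag for 3.3.0 rather than `master` (tag name to be confirmed against the repository), or drop the generic links if they add nothing beyond the commit.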