admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-04-26 16:00:57 +00:00
parent d23730a13b
commit c6a6dc928d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
2 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2021/23xxx/CVE-2021-23382.json
View File

@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
"name": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956"
"refsource": "MISC",
"url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956",
"name": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).\r\n\r\n"
"value": "The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*)."
}
]
},

12
2021/27xxx/CVE-2021-27851.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability that can lead to local privilege escalation has been found in guix-daemon. It affects multi-user setups in which guix-daemon runs locally.\n\nThe attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable."
"value": "A security vulnerability that can lead to local privilege escalation has been found in \u2019guix-daemon\u2019. It affects multi-user setups in which \u2019guix-daemon\u2019 runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable."
}
]
},
@ -69,12 +69,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/"
"refsource": "MISC",
"url": "https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/",
"name": "https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/"
},
{
"refsource": "CONFIRM",
"url": "https://bugs.gnu.org/47229"
"refsource": "MISC",
"url": "https://bugs.gnu.org/47229",
"name": "https://bugs.gnu.org/47229"
}
]
},