From cf2df13dcd23fff2b9118fff5c814d4a7b7c8d9c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 5 Jul 2023 22:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/36xxx/CVE-2023-36809.json | 110 +++++++++++++++++++++++++++++++-- 2023/36xxx/CVE-2023-36813.json | 86 ++++++++++++++++++++++++-- 2023/36xxx/CVE-2023-36821.json | 91 +++++++++++++++++++++++++-- 2023/36xxx/CVE-2023-36822.json | 91 +++++++++++++++++++++++++-- 2023/36xxx/CVE-2023-36827.json | 86 ++++++++++++++++++++++++-- 2023/36xxx/CVE-2023-36828.json | 101 ++++++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3518.json | 18 ++++++ 7 files changed, 559 insertions(+), 24 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3518.json diff --git a/2023/36xxx/CVE-2023-36809.json b/2023/36xxx/CVE-2023-36809.json index 80c7a3fd5c7..b6b7b760a8a 100644 --- a/2023/36xxx/CVE-2023-36809.json +++ b/2023/36xxx/CVE-2023-36809.json @@ -1,17 +1,119 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and Sanitization of test plan names used in the `tree_view_html()` function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kiwitcms", + "product": { + "product_data": [ + { + "product_name": "Kiwi", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 12.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw", + "refsource": "MISC", + "name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw" + }, + { + "url": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/" + }, + { + "url": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/" + }, + { + "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/", + "refsource": "MISC", + "name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/" + }, + { + "url": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c", + "refsource": "MISC", + "name": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c" + }, + { + "url": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d", + "refsource": "MISC", + "name": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d" + } + ] + }, + "source": { + "advisory": "GHSA-jpgw-2r9m-8qfw", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36813.json b/2023/36xxx/CVE-2023-36813.json index 82db80e9396..4a6591477f0 100644 --- a/2023/36xxx/CVE-2023-36813.json +++ b/2023/36xxx/CVE-2023-36813.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kanboard", + "product": { + "product_data": [ + { + "product_name": "kanboard", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.2.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx", + "refsource": "MISC", + "name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx" + }, + { + "url": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a", + "refsource": "MISC", + "name": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a" + }, + { + "url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31", + "refsource": "MISC", + "name": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31" + } + ] + }, + "source": { + "advisory": "GHSA-9gvq-78jp-jxcx", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36821.json b/2023/36xxx/CVE-2023-36821.json index 0715a9ec100..e0bd1f2aace 100644 --- a/2023/36xxx/CVE-2023-36821.json +++ b/2023/36xxx/CVE-2023-36821.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it's installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "louislam", + "product": { + "product_data": [ + { + "product_name": "uptime-kuma", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.22.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-7grx-f945-mj96", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-7grx-f945-mj96" + }, + { + "url": "https://github.com/louislam/uptime-kuma/pull/3346", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/pull/3346" + }, + { + "url": "https://github.com/louislam/uptime-kuma/blob/8c60e902e1c76ecbbd1b0423b07ce615341cb850/server/plugins-manager.js#L210-L216", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/blob/8c60e902e1c76ecbbd1b0423b07ce615341cb850/server/plugins-manager.js#L210-L216" + }, + { + "url": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1" + } + ] + }, + "source": { + "advisory": "GHSA-7grx-f945-mj96", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36822.json b/2023/36xxx/CVE-2023-36822.json index 1ed8e19d0f9..a6f80195d70 100644 --- a/2023/36xxx/CVE-2023-36822.json +++ b/2023/36xxx/CVE-2023-36822.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36822", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it's removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "louislam", + "product": { + "product_data": [ + { + "product_name": "uptime-kuma", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.22.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-vr8x-74pm-6vj7", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-vr8x-74pm-6vj7" + }, + { + "url": "https://github.com/louislam/uptime-kuma/pull/3346", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/pull/3346" + }, + { + "url": "https://github.com/louislam/uptime-kuma/blob/de74efb2e6601dcbcfed32cddefc4078a80fcb0b/server/plugins-manager.js#L75-L80", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/blob/de74efb2e6601dcbcfed32cddefc4078a80fcb0b/server/plugins-manager.js#L75-L80" + }, + { + "url": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1", + "refsource": "MISC", + "name": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1" + } + ] + }, + "source": { + "advisory": "GHSA-vr8x-74pm-6vj7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36827.json b/2023/36xxx/CVE-2023-36827.json index 81e638f0915..25ef771e73a 100644 --- a/2023/36xxx/CVE-2023-36827.json +++ b/2023/36xxx/CVE-2023-36827.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. The vulnerability is patched in fides `2.15.1`.\n\nIf the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca's security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can't be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ethyca", + "product": { + "product_data": [ + { + "product_name": "fides", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.15.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq", + "refsource": "MISC", + "name": "https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq" + }, + { + "url": "https://github.com/ethyca/fides/commit/f526d9ffb176006d701493c9d0eff6b4884e811f", + "refsource": "MISC", + "name": "https://github.com/ethyca/fides/commit/f526d9ffb176006d701493c9d0eff6b4884e811f" + }, + { + "url": "https://github.com/ethyca/fides/releases/tag/2.15.1", + "refsource": "MISC", + "name": "https://github.com/ethyca/fides/releases/tag/2.15.1" + } + ] + }, + "source": { + "advisory": "GHSA-r25m-cr6v-p9hq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36828.json b/2023/36xxx/CVE-2023-36828.json index d1158db3f9c..91066025c60 100644 --- a/2023/36xxx/CVE-2023-36828.json +++ b/2023/36xxx/CVE-2023-36828.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "statamic", + "product": { + "product_data": [ + { + "product_name": "cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g" + }, + { + "url": "https://github.com/statamic/cms/pull/8408", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/pull/8408" + }, + { + "url": "https://github.com/statamic/cms/commit/c714893ad92de6e5ede17b501003441af505b30d", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/commit/c714893ad92de6e5ede17b501003441af505b30d" + }, + { + "url": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15" + }, + { + "url": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Tags/Svg.php#L36-L40", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Tags/Svg.php#L36-L40" + }, + { + "url": "https://github.com/statamic/cms/releases/tag/v4.10.0", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/releases/tag/v4.10.0" + } + ] + }, + "source": { + "advisory": "GHSA-6r5g-cq4q-327g", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3518.json b/2023/3xxx/CVE-2023-3518.json new file mode 100644 index 00000000000..4d7982bb03a --- /dev/null +++ b/2023/3xxx/CVE-2023-3518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file