From d220aa8e8ade0570d68875740e8272d108c82113 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 1 Jun 2020 17:01:19 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2014/7xxx/CVE-2014-7173.json | 48 ++++++++++++++++++++++++++++++++--
 2014/7xxx/CVE-2014-7174.json | 48 ++++++++++++++++++++++++++++++++--
 2014/7xxx/CVE-2014-7175.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8937.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8938.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8939.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8940.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8941.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8942.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8943.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8944.json | 48 ++++++++++++++++++++++++++++++++--
 2014/8xxx/CVE-2014-8945.json | 48 ++++++++++++++++++++++++++++++++--
 2014/9xxx/CVE-2014-9702.json | 48 ++++++++++++++++++++++++++++++++--
 2018/20xxx/CVE-2018-20225.json | 7 ++++-
 14 files changed, 604 insertions(+), 27 deletions(-)
diff --git a/2014/7xxx/CVE-2014-7173.json b/2014/7xxx/CVE-2014-7173.json
index b6cc5821a59..3e4b5d8e54f 100644
--- a/2014/7xxx/CVE-2014-7173.json
+++ b/2014/7xxx/CVE-2014-7173.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7173",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
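Review bot: The `affects` block added in the first hunk of CVE-2014-7173.json records `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description added in the same file's second hunk names the product and an upper bound (FarLinX X25 Gateway through 2014-09-25). Tooling that matches advisories to an asset inventory through the structured vendor and product fields will not match this record, so exposure is only discoverable by a free-text search of the description. Consider filling the fields from the description, for example `"vendor_name": "FarLinX"` and `"product_name": "X25 Gateway"`; the vendor/product split is inferred from the description text and should be confirmed. The same placeholder block is added in the first hunk of every other 2014 record in this patch (CVE-2014-7174, CVE-2014-7175, CVE-2014-8937 through CVE-2014-8945, and CVE-2014-9702). The enclosing JSON object starts and ends outside the hunk.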
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7174.json b/2014/7xxx/CVE-2014-7174.json
index 68b4f143e81..4cf89cad65e 100644
--- a/2014/7xxx/CVE-2014-7174.json
+++ b/2014/7xxx/CVE-2014-7174.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7174",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
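Review bot: In the second hunk of CVE-2014-7173.json, `problemtype` is filled with `"value": "n/a"` even though the new description states the weakness class (command injection via shell metacharacters), so consumers that group or prioritise records by weakness get nothing from this entry. A CWE label such as `"value": "CWE-78"` (OS command injection) would fit the description as written; confirm it against the referenced advisory before recording it. The reference entry also sets `name` to the same string as `url`, which adds no information for a reader. The other 2014 records in this patch add the same `n/a` problemtype in their second hunks, including those whose descriptions name directory traversal, SQL injection, XSS, CSRF and SSRF.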
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7175.json b/2014/7xxx/CVE-2014-7175.json
index 0fd7e9b84dc..bbb214a52bb 100644
--- a/2014/7xxx/CVE-2014-7175.json
+++ b/2014/7xxx/CVE-2014-7175.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7175",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8937.json b/2014/8xxx/CVE-2014-8937.json
index f6ad711e3a9..93c732f6117 100644
--- a/2014/8xxx/CVE-2014-8937.json
+++ b/2014/8xxx/CVE-2014-8937.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8937",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8938.json b/2014/8xxx/CVE-2014-8938.json
index ef5c091368d..5286a72c348 100644
--- a/2014/8xxx/CVE-2014-8938.json
+++ b/2014/8xxx/CVE-2014-8938.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8938",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8939.json b/2014/8xxx/CVE-2014-8939.json
index 5149f49fd5c..360378f6624 100644
--- a/2014/8xxx/CVE-2014-8939.json
+++ b/2014/8xxx/CVE-2014-8939.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8939",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8940.json b/2014/8xxx/CVE-2014-8940.json
index 9b50e0cc021..476e78799ae 100644
--- a/2014/8xxx/CVE-2014-8940.json
+++ b/2014/8xxx/CVE-2014-8940.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8940",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8941.json b/2014/8xxx/CVE-2014-8941.json
index 9fceda5fc2a..2a8f242820c 100644
--- a/2014/8xxx/CVE-2014-8941.json
+++ b/2014/8xxx/CVE-2014-8941.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8941",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8942.json b/2014/8xxx/CVE-2014-8942.json
index f3b3702e2c9..589dfde3cae 100644
--- a/2014/8xxx/CVE-2014-8942.json
+++ b/2014/8xxx/CVE-2014-8942.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8942",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8943.json b/2014/8xxx/CVE-2014-8943.json
index ce5dcefd1be..d7c376b206e 100644
--- a/2014/8xxx/CVE-2014-8943.json
+++ b/2014/8xxx/CVE-2014-8943.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8943",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
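Review bot: In the second hunk of CVE-2014-8942.json the whole new description is `"value": "Lexiglot through 2014-11-20 allows CSRF."`, which names no affected page, request or resulting action, unlike the sibling Lexiglot records in this patch that identify a script or parameter. Someone triaging from the record alone cannot tell which state-changing requests are unprotected and has to rely on the external reference staying reachable. A qualifier taken from the referenced advisory would make the entry self-contained, in the shape `"value": "Lexiglot through 2014-11-20 allows CSRF via <affected page or action, from the advisory>."`, where the bracketed part is a placeholder to be filled from the source.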
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8944.json b/2014/8xxx/CVE-2014-8944.json
index a2ef694b695..8f8f23bac8d 100644
--- a/2014/8xxx/CVE-2014-8944.json
+++ b/2014/8xxx/CVE-2014-8944.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8944",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8945.json b/2014/8xxx/CVE-2014-8945.json
index 63d68f69f73..237554c38e4 100644
--- a/2014/8xxx/CVE-2014-8945.json
+++ b/2014/8xxx/CVE-2014-8945.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8945",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9702.json b/2014/9xxx/CVE-2014-9702.json
index 2e01266adfd..86149aa013b 100644
--- a/2014/9xxx/CVE-2014-9702.json
+++ b/2014/9xxx/CVE-2014-9702.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9702",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.justanotherhacker.com/2016/09/jahx161_-_cmfive_database_credential_disclosure.html",
+ "refsource": "MISC",
+ "name": "https://www.justanotherhacker.com/2016/09/jahx161_-_cmfive_database_credential_disclosure.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20225.json b/2018/20xxx/CVE-2018-20225.json
index ee9f1c6ac6f..ad82c4381e0 100644
--- a/2018/20xxx/CVE-2018-20225.json
+++ b/2018/20xxx/CVE-2018-20225.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number)."
+ "value": "** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[arrow-github] 20200527 [GitHub] [arrow] BinduAggarwal opened a new pull request #7294: upgrading pip/wheel/setuptools",
 "url": "https://lists.apache.org/thread.html/rb1adce798445facd032870d644eb39c4baaf9c4a7dd5477d12bb6ab2@%3Cgithub.arrow.apache.org%3E"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1835736",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835736"
 }
 ]
 },
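Review bot: In the first hunk of CVE-2018-20225.json the dispute is recorded only as the free-text prefix `** DISPUTED **` inside the description `value`, and the appended NOTE says "it has been reported" without naming a source. The Red Hat Bugzilla reference added in the second hunk is presumably that source, but nothing in the record links the two. Consumers that filter on structured fields will not see the dispute, and readers may take the marker to mean there is no exposure, although the behaviour the description states for `--extra-index-url` is unchanged by it. If the Bugzilla entry is indeed the source, consider pointing the NOTE at it, e.g. `NOTE: it has been reported (see the bugzilla.redhat.com reference) that this is intended functionality and the user is responsible for using --extra-index-url securely.`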