diff --git a/2020/12xxx/CVE-2020-12861.json b/2020/12xxx/CVE-2020-12861.json
index 4a124dbc697..cbfc2232cdb 100644
--- a/2020/12xxx/CVE-2020-12861.json
+++ b/2020/12xxx/CVE-2020-12861.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12861",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12861",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
+ "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12862.json b/2020/12xxx/CVE-2020-12862.json
index be2c55266bb..6df0e850735 100644
--- a/2020/12xxx/CVE-2020-12862.json
+++ b/2020/12xxx/CVE-2020-12862.json
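Review bot: The `affects` and `problemtype` blocks added here hold only `n/a` placeholders, although the new description names the product, the fixed version and the bug class, so consumers that match on the structured fields rather than the free text will not tie this record to SANE Backends. Consider filling them from the description, e.g. `"product_name": "SANE Backends"`, `"version_value": "before 1.0.30"` and a problemtype value of `CWE-122 Heap-based Buffer Overflow`. The same placeholders appear in the CVE-2020-12862 to CVE-2020-12866 hunks (an out-of-bounds read would be CWE-125, a NULL pointer dereference CWE-476) and in the new CVE-2020-15014 and CVE-2020-15018 records.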
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12862",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12862",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
+ "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12863.json b/2020/12xxx/CVE-2020-12863.json
index cc5386abebd..95a9a63206f 100644
--- a/2020/12xxx/CVE-2020-12863.json
+++ b/2020/12xxx/CVE-2020-12863.json
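Review bot: The description ends with `aka GHSL-2020-082`, but the only Security Lab reference added is `https://securitylab.github.com/advisories/GHSL-2020-075-libsane`, whose slug names a different identifier. Presumably that one advisory page covers the whole libsane series; if so, the record would be easier to follow with a reference that points at the specific issue, the way the existing CVE-2020-12867 entry links `.../issues/279#issue-1-ghsl-2020-075-...`. The CVE-2020-12861 and CVE-2020-12863 to CVE-2020-12866 hunks pair their own GHSL numbers with the same 075 URL.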
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12863",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12863",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
+ "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12864.json b/2020/12xxx/CVE-2020-12864.json
index 6cb1fcfbd62..ee3bd028d86 100644
--- a/2020/12xxx/CVE-2020-12864.json
+++ b/2020/12xxx/CVE-2020-12864.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12864",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12864",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
+ "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12865.json b/2020/12xxx/CVE-2020-12865.json
index b6553a5729e..b35e73f95d4 100644
--- a/2020/12xxx/CVE-2020-12865.json
+++ b/2020/12xxx/CVE-2020-12865.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12865",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12865",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
+ "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12866.json b/2020/12xxx/CVE-2020-12866.json
index 21e24b5498f..8f5f991c1e0 100644
--- a/2020/12xxx/CVE-2020-12866.json
+++ b/2020/12xxx/CVE-2020-12866.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12866",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12866",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
+ "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12867.json b/2020/12xxx/CVE-2020-12867.json
index 3b8e55b6d16..07b8b9794ce 100644
--- a/2020/12xxx/CVE-2020-12867.json
+++ b/2020/12xxx/CVE-2020-12867.json
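Review bot: The new `value` ends `to cause a denial of service, GHSL-2020-079.`, without the `aka` that the CVE-2020-12861 to CVE-2020-12865 descriptions and the existing CVE-2020-12867 text put before the GHSL identifier. Anything that extracts the advisory id by matching `aka GHSL-` will miss this record; ending the sentence `..., aka GHSL-2020-079.` keeps the series uniform.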
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1.0.29 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075."
+ "value": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read",
 "url": "https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14971.json b/2020/14xxx/CVE-2020-14971.json
index 71715a8dec5..fa30f86b306 100644
--- a/2020/14xxx/CVE-2020-14971.json
+++ b/2020/14xxx/CVE-2020-14971.json
@@ -61,6 +61,16 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/pi-hole/AdminLTE/pull/1443",
 "url": "https://github.com/pi-hole/AdminLTE/pull/1443"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/pi-hole/AdminLTE/commit/c949516ee15fa6a9b0c8511cc4c4d6b0893f3e69",
+ "url": "https://github.com/pi-hole/AdminLTE/commit/c949516ee15fa6a9b0c8511cc4c4d6b0893f3e69"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/pi-hole/AdminLTE/commit/8f6e1365b6dec0ae1aa0b0b15b102c9133f347e5",
+ "url": "https://github.com/pi-hole/AdminLTE/commit/8f6e1365b6dec0ae1aa0b0b15b102c9133f347e5"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15014.json b/2020/15xxx/CVE-2020-15014.json
new file mode 100644
index 00000000000..acd15ca8267
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15014.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-15014",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pramodmahato/BlogCMS/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/pramodmahato/BlogCMS/issues/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15015.json b/2020/15xxx/CVE-2020-15015.json
new file mode 100644
index 00000000000..d76c4d2e6ec
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15016.json b/2020/15xxx/CVE-2020-15016.json
new file mode 100644
index 00000000000..668e04720b8
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15016.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15016",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15017.json b/2020/15xxx/CVE-2020-15017.json
new file mode 100644
index 00000000000..712c2efd7ef
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15017.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15017",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15018.json b/2020/15xxx/CVE-2020-15018.json
new file mode 100644
index 00000000000..cf6723c90c9
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15018.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-15018",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "playSMS through 1.4.3 is vulnerable to session fixation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/antonraharja/playSMS/issues/605",
+ "refsource": "MISC",
+ "name": "https://github.com/antonraharja/playSMS/issues/605"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15019.json b/2020/15xxx/CVE-2020-15019.json
new file mode 100644
index 00000000000..947e5e79e51
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15019.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15019",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15020.json b/2020/15xxx/CVE-2020-15020.json
new file mode 100644
index 00000000000..2e462920f66
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15020.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15020",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/4xxx/CVE-2020-4071.json b/2020/4xxx/CVE-2020-4071.json
index a48770ff7d3..a0fc295c9fb 100644
--- a/2020/4xxx/CVE-2020-4071.json
+++ b/2020/4xxx/CVE-2020-4071.json
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website's server is located.\n\nSites protected by IP address whitelisting only are unaffected by this vulnerability.\n\nThis vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package.\n\nA workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings." + "value": "In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. 
This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website's server is located. Sites protected by IP address whitelisting only are unaffected by this vulnerability. This vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package. A workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7667.json b/2020/7xxx/CVE-2020-7667.json
index f8294fb7fa7..eb8cc29a814 100644
--- a/2020/7xxx/CVE-2020-7667.json
+++ b/2020/7xxx/CVE-2020-7667.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427",
+ "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0"
+ "refsource": "MISC",
+ "url": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0",
+ "name": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0"
 }
 ]
 },
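Review bot: Both references in the CVE-2020-7667 hunk are retagged from `CONFIRM` to `MISC`, including the fix commit under `github.com/sassoftware/go-rpmutils`, while the CVE-2020-14971 hunk in this same commit adds project commit URLs as `CONFIRM`. If the go-rpmutils repository is the maintainer's own, readers who use `refsource` to tell whether upstream has acknowledged and fixed the issue lose that signal. Keeping `"refsource": "CONFIRM"` on the commit entry and `MISC` on the snyk.io entry would be consistent with the rest of the commit. This may be an automated normalisation of CNA-submitted records, in which case it is worth confirming that the downgrade is intended.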
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading \"..\" which leads in file extraction outside of the current directory. \r\n\r\nNote: the fixing commit was applied to all affected versions which were re-released.\r\n\r\n"
+ "value": "The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading \"..\" which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released."
 }
 ]
 },