"-Synchronized-Data."

CVE Team 2022-02-18 14:01:19 +00:00
parent 78f636d52d
commit d911316219
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
2 changed files with 15 additions and 11 deletions


@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond."
"value": "Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond."
}
]
},
@ -75,16 +75,18 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://dart-review.googlesource.com/c/sdk/+/229947"
"refsource": "MISC",
"url": "https://dart-review.googlesource.com/c/sdk/+/229947",
"name": "https://dart-review.googlesource.com/c/sdk/+/229947"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abc"
"refsource": "MISC",
"url": "https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abc",
"name": "https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abc"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
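Review bot: In the references hunk, both links to the project's own fix (the dart-review change and the dart-lang/sdk commit) are relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the only machine-readable hint in the record that these are maintainer-side references. Tooling that selects patch or vendor links by `refsource` would presumably stop finding them, so I would keep `"refsource": "CONFIRM"` on those two entries and still add the `name` field. The same applies to the cesanta/mongoose commit reference in the second file, while the Snyk advisory there is third-party and `MISC` fits it. Separately, the description value on the new side of the first hunk still reads `whcih`; since the line is being rewritten anyway, correct it to `which`.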


@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180",
"name": "https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945"
"refsource": "MISC",
"url": "https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945",
"name": "https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package cesanta/mongoose before 7.6.\n The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.\r\n\r\n"
"value": "This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder."
}
]
},