From d9113162191f4c3ee02721a66cbfeaeafece1267 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 18 Feb 2022 14:01:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/0xxx/CVE-2022-0451.json | 14 ++++++++------ 2022/25xxx/CVE-2022-25299.json | 12 +++++++----- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/2022/0xxx/CVE-2022-0451.json b/2022/0xxx/CVE-2022-0451.json index 244bf38d18b..924f6bbcbf6 100644 --- a/2022/0xxx/CVE-2022-0451.json +++ b/2022/0xxx/CVE-2022-0451.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond." + "value": "Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond." } ] }, @@ -75,16 +75,18 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://dart-review.googlesource.com/c/sdk/+/229947" + "refsource": "MISC", + "url": "https://dart-review.googlesource.com/c/sdk/+/229947", + "name": "https://dart-review.googlesource.com/c/sdk/+/229947" }, { - "refsource": "CONFIRM", - "url": "https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abc" + "refsource": "MISC", + "url": "https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abc", + "name": "https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abc" } ] }, "source": { "discovery": "INTERNAL" } - } +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25299.json b/2022/25xxx/CVE-2022-25299.json index d6c542bfdb9..a723ca46026 100644 --- a/2022/25xxx/CVE-2022-25299.json +++ b/2022/25xxx/CVE-2022-25299.json @@ -48,12 +48,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180", + "name": "https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180" }, { - "refsource": "CONFIRM", - "url": "https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945" + "refsource": "MISC", + "url": "https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945", + "name": "https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945" } ] }, @@ -61,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects the package cesanta/mongoose before 7.6.\n The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.\r\n\r\n" + "value": "This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder." } ] },