"-Synchronized-Data."

2025-05-08 11:37:04 +00:00 · 2019-12-05 20:01:07 +00:00 · 2019-12-05 20:01:07 +00:00 · e2114e11a1
commit e2114e11a1
parent 1e8edfc2f6
2 changed files with 69 additions and 2 deletions
--- a/2019/16xxx/CVE-2019-16770.json
+++ b/2019/16xxx/CVE-2019-16770.json
@ -37,7 +37,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.\n\nIf more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough."
+                "value": "A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough."
            }
        ]
    },
@ -88,4 +88,4 @@
            "value": "Reverse proxies in front of Puma could be configured to always allow less than X keepalive connections to a Puma cluster or process, where X is the number of threads configured in Puma's thread pool."
        }
    ]
-}
+}
--- a/2019/19xxx/CVE-2019-19609.json
+++ b/2019/19xxx/CVE-2019-19609.json
@ -0,0 +1,67 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2019-19609",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/",
+                "refsource": "MISC",
+                "name": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"
+            },
+            {
+                "url": "https://github.com/strapi/strapi/pull/4636",
+                "refsource": "MISC",
+                "name": "https://github.com/strapi/strapi/pull/4636"
+            }
+        ]
+    }
+}