diff --git a/2019/1010xxx/CVE-2019-1010318.json b/2019/1010xxx/CVE-2019-1010318.json index 461345d5380..0cce99a7cf2 100644 --- a/2019/1010xxx/CVE-2019-1010318.json +++ b/2019/1010xxx/CVE-2019-1010318.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "ID": "CVE-2019-1010318", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "WavPack", - "product": { - "product_data": [ - { - "product_name": "WavPack", - "version": { - "version_data": [ - { - "version_value": "<=5.1.0 [fixed: After commit https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4]" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1010318", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: WavpackSetConfiguration64 (pack_utils.c:198). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-457: Use of Uninitialized Variable" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/dbry/WavPack/issues/67", - "refsource": "MISC", - "name": "https://github.com/dbry/WavPack/issues/67" - }, - { - "refsource": "MISC", - "name": "https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4", - "url": "https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11498. Reason: This candidate is a reservation duplicate of CVE-2019-11498. Notes: All CVE users should reference CVE-2019-11498 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/13xxx/CVE-2019-13594.json b/2019/13xxx/CVE-2019-13594.json new file mode 100644 index 00000000000..3cfc5e38373 --- /dev/null +++ b/2019/13xxx/CVE-2019-13594.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mirumee/saleor/releases/tag/2.8.0", + "refsource": "MISC", + "name": "https://github.com/mirumee/saleor/releases/tag/2.8.0" + } + ] + } +} \ No newline at end of file