"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-12-22 14:01:54 +00:00 · 2020-12-22 14:01:54 +00:00 · f88475da40
commit f88475da40
parent 35fba6e3ee
5 changed files with 35 additions and 11 deletions
--- a/2020/13xxx/CVE-2020-13931.json
+++ b/2020/13xxx/CVE-2020-13931.json
@ -48,6 +48,11 @@
                "refsource": "MISC",
                "name": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E",
                "url": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[tomee-dev] 20201222 Re: CVE-2020-13931 is Fake vulnerability",
+                "url": "https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4@%3Cdev.tomee.apache.org%3E"
            }
        ]
    },
--- a/2020/1xxx/CVE-2020-1953.json
+++ b/2020/1xxx/CVE-2020-1953.json
@ -70,6 +70,11 @@
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269@%3Ccommits.servicecomb.apache.org%3E",
+                "url": "https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269@%3Ccommits.servicecomb.apache.org%3E"
            }
        ]
    },
--- a/2020/22xxx/CVE-2020-22083.json
+++ b/2020/22xxx/CVE-2020-22083.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function."
+                "value": "** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data."
            }
        ]
    },
@ -71,6 +71,16 @@
                "refsource": "MISC",
                "name": "https://gist.github.com/j0lt-github/bb543e77a1a10c33cb56cf23d0837874",
                "url": "https://gist.github.com/j0lt-github/bb543e77a1a10c33cb56cf23d0837874"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/jsonpickle/jsonpickle/issues/332#issuecomment-747807494",
+                "url": "https://github.com/jsonpickle/jsonpickle/issues/332#issuecomment-747807494"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://access.redhat.com/security/cve/CVE-2020-22083",
+                "url": "https://access.redhat.com/security/cve/CVE-2020-22083"
            }
        ]
    }
--- a/2020/28xxx/CVE-2020-28448.json
+++ b/2020/28xxx/CVE-2020-28448.json
@ -48,12 +48,14 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JS-MULTIINI-1048969"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JS-MULTIINI-1048969",
+                "name": "https://snyk.io/vuln/SNYK-JS-MULTIINI-1048969"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://github.com/evangelion1204/multi-ini/pull/37"
+                "refsource": "MISC",
+                "url": "https://github.com/evangelion1204/multi-ini/pull/37",
+                "name": "https://github.com/evangelion1204/multi-ini/pull/37"
            }
        ]
    },
@ -61,7 +63,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "This affects the package multi-ini before 2.1.1.\n It is possible to pollute an object's prototype by specifying the proto object as part of an array. \r\n\r\n"
+                "value": "This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array."
            }
        ]
    },
--- a/2020/28xxx/CVE-2020-28460.json
+++ b/2020/28xxx/CVE-2020-28460.json
@ -48,12 +48,14 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://snyk.io/vuln/SNYK-JS-MULTIINI-1053229"
+                "refsource": "MISC",
+                "url": "https://snyk.io/vuln/SNYK-JS-MULTIINI-1053229",
+                "name": "https://snyk.io/vuln/SNYK-JS-MULTIINI-1053229"
            },
            {
-                "refsource": "CONFIRM",
-                "url": "https://github.com/evangelion1204/multi-ini/commit/6b2212b2ce152c19538a2431415f72942c5a1bde"
+                "refsource": "MISC",
+                "url": "https://github.com/evangelion1204/multi-ini/commit/6b2212b2ce152c19538a2431415f72942c5a1bde",
+                "name": "https://github.com/evangelion1204/multi-ini/commit/6b2212b2ce152c19538a2431415f72942c5a1bde"
            }
        ]
    },
@ -61,7 +63,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "This affects the package multi-ini before 2.1.2.\n It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.\r\n\r\n"
+                "value": "This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448."
            }
        ]
    },