Auto-merge PR#4502

2025-05-08 11:37:04 +00:00 · 2022-02-11 10:50:26 -05:00 · 2022-02-11 10:50:26 -05:00 · fe852f7d5b
commit fe852f7d5b
parent 4f8b026f57 aff9080c67
1 changed files with 63 additions and 7 deletions
--- a/2020/13xxx/CVE-2020-13675.json
+++ b/2020/13xxx/CVE-2020-13675.json
@ -1,18 +1,74 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@drupal.org",
        "ID": "CVE-2020-13675",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Core",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "9.2.x",
+                                            "version_value": "9.2.6"
+                                        },
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "9.1.x",
+                                            "version_value": "9.1.13"
+                                        },
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "8.9.x",
+                                            "version_value": "8.9.19"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Drupal"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-284 Improper Access Control"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://www.drupal.org/sa-core-2021-008",
+                "refsource": "CONFIRM",
+                "url": "https://www.drupal.org/sa-core-2021-008"
            }
        ]
    }
-}
+}