mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
105 lines
4.1 KiB
JSON
105 lines
4.1 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-28191",
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
|
|
"cweId": "CWE-74"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "contao",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "contao",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 4.0.0, < 4.13.40"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 5.0.0, < 5.3.4"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8"
|
|
},
|
|
{
|
|
"url": "https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919"
|
|
},
|
|
{
|
|
"url": "https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b"
|
|
},
|
|
{
|
|
"url": "https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator",
|
|
"refsource": "MISC",
|
|
"name": "https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-747v-52c4-8vj8",
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.1,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |