mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
103 lines
3.4 KiB
JSON
103 lines
3.4 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2018-20149",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update",
|
|
"refsource" : "MLIST",
|
|
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"
|
|
},
|
|
{
|
|
"name" : "https://codex.wordpress.org/Version_4.9.9",
|
|
"refsource" : "MISC",
|
|
"url" : "https://codex.wordpress.org/Version_4.9.9"
|
|
},
|
|
{
|
|
"name" : "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a",
|
|
"refsource" : "MISC",
|
|
"url" : "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"
|
|
},
|
|
{
|
|
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
|
|
"refsource" : "MISC",
|
|
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
|
|
},
|
|
{
|
|
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
|
|
"refsource" : "MISC",
|
|
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
|
|
},
|
|
{
|
|
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
|
|
"refsource" : "MISC",
|
|
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
|
|
},
|
|
{
|
|
"name" : "https://wpvulndb.com/vulnerabilities/9175",
|
|
"refsource" : "MISC",
|
|
"url" : "https://wpvulndb.com/vulnerabilities/9175"
|
|
},
|
|
{
|
|
"name" : "DSA-4401",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "https://www.debian.org/security/2019/dsa-4401"
|
|
},
|
|
{
|
|
"name" : "106220",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/106220"
|
|
}
|
|
]
|
|
}
|
|
}
|