From b2ecf3c4872f78bcb2b1e81f55404caca4aa0c47 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 23 Feb 2024 07:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-02-23T07:00:24.424534+00:00
---
 CVE-2024/CVE-2024-222xx/CVE-2024-22243.json | 43 +++++++++++++++++++++
 README.md | 41 +++-----------------
 2 files changed, 49 insertions(+), 35 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22243.json
diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22243.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22243.json
new file mode 100644
index 00000000000..067e8cf2034
--- /dev/null
+++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22243.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-22243",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2024-02-23T05:15:08.143",
+ "lastModified": "2024-02-23T05:15:08.143",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://spring.io/security/cve-2024-22243",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 5a0923402b4..c9c71a61291 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-02-23T03:00:25.185822+00:00
+2024-02-23T07:00:24.424534+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-02-23T02:42:58.253000+00:00
+2024-02-23T05:15:08.143000+00:00
 ```
 ### Last Data Feed Release
@@ -29,49 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-239273
+239274
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `5`
+Recently added CVEs: `1`
-* [CVE-2024-1683](CVE-2024/CVE-2024-16xx/CVE-2024-1683.json) (`2024-02-23T01:15:52.700`)
-* [CVE-2024-1781](CVE-2024/CVE-2024-17xx/CVE-2024-1781.json) (`2024-02-23T01:15:52.913`)
-* [CVE-2024-1783](CVE-2024/CVE-2024-17xx/CVE-2024-1783.json) (`2024-02-23T01:15:53.140`)
-* [CVE-2024-1784](CVE-2024/CVE-2024-17xx/CVE-2024-1784.json) (`2024-02-23T01:15:53.363`)
-* [CVE-2024-1786](CVE-2024/CVE-2024-17xx/CVE-2024-1786.json) (`2024-02-23T01:15:53.587`)
+* [CVE-2024-22243](CVE-2024/CVE-2024-222xx/CVE-2024-22243.json) (`2024-02-23T05:15:08.143`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `28`
+Recently modified CVEs: `0`
-* [CVE-2024-1709](CVE-2024/CVE-2024-17xx/CVE-2024-1709.json) (`2024-02-23T02:00:01.867`)
-* [CVE-2024-0232](CVE-2024/CVE-2024-02xx/CVE-2024-0232.json) (`2024-02-23T02:15:44.760`)
-* [CVE-2024-1669](CVE-2024/CVE-2024-16xx/CVE-2024-1669.json) (`2024-02-23T02:15:44.890`)
-* [CVE-2024-1670](CVE-2024/CVE-2024-16xx/CVE-2024-1670.json) (`2024-02-23T02:15:44.940`)
-* [CVE-2024-1671](CVE-2024/CVE-2024-16xx/CVE-2024-1671.json) (`2024-02-23T02:15:44.977`)
-* [CVE-2024-1672](CVE-2024/CVE-2024-16xx/CVE-2024-1672.json) (`2024-02-23T02:15:45.017`)
-* [CVE-2024-1673](CVE-2024/CVE-2024-16xx/CVE-2024-1673.json) (`2024-02-23T02:15:45.057`)
-* [CVE-2024-1674](CVE-2024/CVE-2024-16xx/CVE-2024-1674.json) (`2024-02-23T02:15:45.093`)
-* [CVE-2024-1675](CVE-2024/CVE-2024-16xx/CVE-2024-1675.json) (`2024-02-23T02:15:45.130`)
-* [CVE-2024-1676](CVE-2024/CVE-2024-16xx/CVE-2024-1676.json) (`2024-02-23T02:15:45.173`)
-* [CVE-2024-25129](CVE-2024/CVE-2024-251xx/CVE-2024-25129.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25130](CVE-2024/CVE-2024-251xx/CVE-2024-25130.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25385](CVE-2024/CVE-2024-253xx/CVE-2024-25385.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-26128](CVE-2024/CVE-2024-261xx/CVE-2024-26128.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-26151](CVE-2024/CVE-2024-261xx/CVE-2024-26151.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-1748](CVE-2024/CVE-2024-17xx/CVE-2024-1748.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-1749](CVE-2024/CVE-2024-17xx/CVE-2024-1749.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-1750](CVE-2024/CVE-2024-17xx/CVE-2024-1750.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25369](CVE-2024/CVE-2024-253xx/CVE-2024-25369.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25746](CVE-2024/CVE-2024-257xx/CVE-2024-25746.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-26152](CVE-2024/CVE-2024-261xx/CVE-2024-26152.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25748](CVE-2024/CVE-2024-257xx/CVE-2024-25748.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25753](CVE-2024/CVE-2024-257xx/CVE-2024-25753.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-25756](CVE-2024/CVE-2024-257xx/CVE-2024-25756.json) (`2024-02-23T02:42:54.547`)
-* [CVE-2024-22547](CVE-2024/CVE-2024-225xx/CVE-2024-22547.json) (`2024-02-23T02:42:58.253`)
 ## Download and Usage