mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
121 lines
4.1 KiB
JSON
121 lines
4.1 KiB
JSON
{
|
|
"id": "CVE-2020-36628",
|
|
"sourceIdentifier": "cna@vuldb.com",
|
|
"published": "2022-12-25T11:15:10.763",
|
|
"lastModified": "2024-03-21T02:36:49.237",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad ha sido encontrada en Calsign APDE y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n handleExtract del archivo APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java del componente ZIP File Handler. La manipulaci\u00f3n conduce a path traversal. La actualizaci\u00f3n a la versi\u00f3n 0.5.2-pre2-alpha puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216747."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "cna@vuldb.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.1,
|
|
"impactScore": 3.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cna@vuldb.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:*:*:*:*:*:android:*:*",
|
|
"versionEndExcluding": "0.5.2",
|
|
"matchCriteriaId": "69E22EA1-7C82-4F29-8BC0-A642B063CBDC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:0.5.2:pre1_alpha:*:*:*:android:*:*",
|
|
"matchCriteriaId": "E8315D57-8F8F-431C-A74B-5523BA512004"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf",
|
|
"source": "cna@vuldb.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha",
|
|
"source": "cna@vuldb.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?id.216747",
|
|
"source": "cna@vuldb.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |