admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-527xx/CVE-2024-52793.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

90 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-52793",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-22T16:15:34.103",
"lastModified": "2024-11-22T16:15:34.103",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue."
},
{
"lang": "es",
"value": "La librer\u00eda est\u00e1ndar de Deno proporciona API para Deno y la Web. Antes de la versi\u00f3n 1.0.11, el `serveDir` de `http/file-server` con la opci\u00f3n `showDirListing: true` era vulnerable a cross-site scripting cuando el atacante era un usuario que pod\u00eda controlar los nombres de archivo en el directorio de origen en sistemas con nombres de archivo POSIX. La explotaci\u00f3n tambi\u00e9n podr\u00eda ser posible en otros sistemas, pero es menos trivial debido, por ejemplo, a la falta de compatibilidad de nombres de archivo para `&lt;&gt;` en Windows. La versi\u00f3n 1.0.11 soluciona el problema."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L507",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L532",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/denoland/std/security/advisories/GHSA-32fx-h446-h8pf",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink