
    174 vulnerabilities

    CVE-2017-1002201 (GCVE-0-2017-1002201)

    Vulnerability from cvelistv5 – Published: 2019-10-15 17:35 – Updated: 2024-08-05 22:08
    VLAI
    Summary
    In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
    Severity
    No CVSS data available.
    CWE
    • Cross-site Scripting (XSS)
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    http://haml.info/ haml Affected: All versions prior to version 5.0.0.beta.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:08:11.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-RUBY-HAML-20362"
              },
              {
                "name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1986-1] ruby-haml security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html"
              },
              {
                "name": "GLSA-202007-27",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-27"
              },
              {
                "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2864-1] ruby-haml security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "haml",
              "vendor": "http://haml.info/",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 5.0.0.beta.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like \u003c \u003e \" \u0027 must be escaped properly. In this case, the \u0027 character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-29T14:06:09.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://snyk.io/vuln/SNYK-RUBY-HAML-20362"
            },
            {
              "name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1986-1] ruby-haml security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html"
            },
            {
              "name": "GLSA-202007-27",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-27"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2864-1] ruby-haml security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2017-1002201",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "haml",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 5.0.0.beta.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "http://haml.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like \u003c \u003e \" \u0027 must be escaped properly. In this case, the \u0027 character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2",
                  "refsource": "MISC",
                  "url": "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-RUBY-HAML-20362",
                  "refsource": "CONFIRM",
                  "url": "https://snyk.io/vuln/SNYK-RUBY-HAML-20362"
                },
                {
                  "name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1986-1] ruby-haml security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html"
                },
                {
                  "name": "GLSA-202007-27",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-27"
                },
                {
                  "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2864-1] ruby-haml security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2017-1002201",
        "datePublished": "2019-10-15T17:35:57.000Z",
        "dateReserved": "2019-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:08:11.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020002 (GCVE-0-2019-1020002)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:25 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
    Severity
    No CVSS data available.
    CWE
    • credential sniffing
    Assigner
    dwf
    References
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pterodactyl Panel",
              "vendor": "Pterodactyl",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.7.14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pterodactyl before 0.7.14 with 2FA allows credential sniffing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "credential sniffing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:25:23.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020002",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pterodactyl Panel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.7.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pterodactyl"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pterodactyl before 0.7.14 with 2FA allows credential sniffing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "credential sniffing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020002",
        "datePublished": "2019-07-29T14:25:23.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020004 (GCVE-0-2019-1020004)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:20 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    Tridactyl before 1.16.0 allows fake key events.
    Severity
    No CVSS data available.
    CWE
    • fake key events
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Tridactyl Tridactyl Affected: < 1.16.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.162Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tridactyl",
              "vendor": "Tridactyl",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tridactyl before 1.16.0 allows fake key events."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "fake key events",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:20:39.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tridactyl",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.16.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tridactyl"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tridactyl before 1.16.0 allows fake key events."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "fake key events"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f",
                  "refsource": "MISC",
                  "url": "https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020004",
        "datePublished": "2019-07-29T14:20:39.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020007 (GCVE-0-2019-1020007)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:18 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    Dependency-Track before 3.5.1 allows XSS.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Dependency-Track Dependency-Track Affected: >=3.0.0 <= 3.5.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/DependencyTrack/dependency-track/security/advisories/GHSA-jp9v-w6vw-9m5v"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dependency-Track",
              "vendor": "Dependency-Track",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=3.0.0 \u003c= 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dependency-Track before 3.5.1 allows XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:18:52.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/DependencyTrack/dependency-track/security/advisories/GHSA-jp9v-w6vw-9m5v"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dependency-Track",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=3.0.0 \u003c= 3.5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dependency-Track"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dependency-Track before 3.5.1 allows XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/DependencyTrack/dependency-track/security/advisories/GHSA-jp9v-w6vw-9m5v",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/DependencyTrack/dependency-track/security/advisories/GHSA-jp9v-w6vw-9m5v"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020007",
        "datePublished": "2019-07-29T14:18:52.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020009 (GCVE-0-2019-1020009)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:17 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    Fleet before 2.1.2 allows exposure of SMTP credentials.
    Severity
    No CVSS data available.
    CWE
    • exposure of SMTP credentials
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Fleet Fleet Affected: >2.0.2 < 2.1.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:16.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fleet",
              "vendor": "Fleet",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e2.0.2 \u003c 2.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fleet before 2.1.2 allows exposure of SMTP credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "exposure of SMTP credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:17:02.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020009",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fleet",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e2.0.2 \u003c 2.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fleet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fleet before 2.1.2 allows exposure of SMTP credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "exposure of SMTP credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8",
                  "refsource": "MISC",
                  "url": "https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020009",
        "datePublished": "2019-07-29T14:17:02.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:16.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020008 (GCVE-0-2019-1020008)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:14 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    stacktable.js before 1.0.4 allows XSS.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    dwf
    References
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:16.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/WebFirst/stacktable.js/security/advisories/GHSA-r9j3-hgxr-75xg"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "stacktable.js",
              "vendor": "stacktable.js",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "stacktable.js before 1.0.4 allows XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:14:54.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/WebFirst/stacktable.js/security/advisories/GHSA-r9j3-hgxr-75xg"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020008",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "stacktable.js",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "stacktable.js"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "stacktable.js before 1.0.4 allows XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/WebFirst/stacktable.js/security/advisories/GHSA-r9j3-hgxr-75xg",
                  "refsource": "MISC",
                  "url": "https://github.com/WebFirst/stacktable.js/security/advisories/GHSA-r9j3-hgxr-75xg"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020008",
        "datePublished": "2019-07-29T14:14:54.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:16.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020006 (GCVE-0-2019-1020006)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:10 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    invenio-app before 1.1.1 allows host header injection.
    Severity
    No CVSS data available.
    CWE
    • host header injection
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Invenio invenio-app Affected: < 1.1.1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "invenio-app",
              "vendor": "Invenio",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "invenio-app before 1.1.1 allows host header injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "host header injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:10:07.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "invenio-app",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Invenio"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "invenio-app before 1.1.1 allows host header injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "host header injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020006",
        "datePublished": "2019-07-29T14:10:07.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020005 (GCVE-0-2019-1020005)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:07 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    invenio-communities before 1.0.0a20 allows XSS.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Invenio invenio-communities Affected: < 1.0.0a20

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "invenio-communities",
              "vendor": "Invenio",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.0a20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "invenio-communities before 1.0.0a20 allows XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:07:05.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020005",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "invenio-communities",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.0.0a20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Invenio"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "invenio-communities before 1.0.0a20 allows XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg",
                  "refsource": "MISC",
                  "url": "https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020005",
        "datePublished": "2019-07-29T14:07:05.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020003 (GCVE-0-2019-1020003)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:03 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    invenio-records before 1.2.2 allows XSS.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Invenio invenio-records Affected: < 1.2.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "invenio-records",
              "vendor": "Invenio",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "invenio-records before 1.2.2 allows XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:03:57.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "invenio-records",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Invenio"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "invenio-records before 1.2.2 allows XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j",
                  "refsource": "MISC",
                  "url": "https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020003",
        "datePublished": "2019-07-29T14:03:57.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020019 (GCVE-0-2019-1020019)

    Vulnerability from cvelistv5 – Published: 2019-07-29 13:16 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    invenio-previewer before 1.0.0a12 allows XSS.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Invenio invenio-previewer Affected: < 1.0.0a12

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:16.053Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/inveniosoftware/invenio-previewer/security/advisories/GHSA-j9m2-6hq2-4r3c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "invenio-previewer",
              "vendor": "Invenio",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.0a12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "invenio-previewer before 1.0.0a12 allows XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T13:16:32.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/inveniosoftware/invenio-previewer/security/advisories/GHSA-j9m2-6hq2-4r3c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "invenio-previewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.0.0a12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Invenio"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "invenio-previewer before 1.0.0a12 allows XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/inveniosoftware/invenio-previewer/security/advisories/GHSA-j9m2-6hq2-4r3c",
                  "refsource": "MISC",
                  "url": "https://github.com/inveniosoftware/invenio-previewer/security/advisories/GHSA-j9m2-6hq2-4r3c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020019",
        "datePublished": "2019-07-29T13:16:32.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:16.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020018 (GCVE-0-2019-1020018)

    Vulnerability from cvelistv5 – Published: 2019-07-29 13:14 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
    Severity
    No CVSS data available.
    CWE
    • lacks a confirmation screen
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    n/a Discourse Affected: < 2.3.0
    Affected: 2.4.0.beta1
    Affected: 2.4.0.beta2
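    Affected: fixed in 2.4.0.beta3 (free-text version string carried over from the CNA record with status "affected"; per the Summary, 2.4.x before 2.4.0.beta3 is affected and 2.4.0.beta3 is the release that carries the fix, so automated version matching should not treat this entry as a vulnerable version)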

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Discourse",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.4.0.beta1"
                },
                {
                  "status": "affected",
                  "version": "2.4.0.beta2"
                },
                {
                  "status": "affected",
                  "version": "fixed in 2.4.0.beta3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "lacks a confirmation screen",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-09T18:58:48.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Discourse",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.3.0"
                              },
                              {
                                "version_value": "2.4.0.beta1"
                              },
                              {
                                "version_value": "2.4.0.beta2"
                              },
                              {
                                "version_value": "fixed in 2.4.0.beta3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "lacks a confirmation screen"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a",
                  "refsource": "MISC",
                  "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a"
                },
                {
                  "name": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade",
                  "refsource": "MISC",
                  "url": "https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020018",
        "datePublished": "2019-07-29T13:14:16.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020017 (GCVE-0-2019-1020017)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:25 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
    Severity
    No CVSS data available.
    CWE
    • lacks a confirmation screen
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    n/a Discourse Affected: < 2.3.0
    Affected: 2.4.0.beta1
    Affected: 2.4.0.beta2
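    Affected: fixed in 2.4.0.beta3 (free-text version string carried over from the CNA record with status "affected"; per the Summary, 2.4.x before 2.4.0.beta3 is affected and 2.4.0.beta3 is the release that carries the fix, so automated version matching should not treat this entry as a vulnerable version)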

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Discourse",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.4.0.beta1"
                },
                {
                  "status": "affected",
                  "version": "2.4.0.beta2"
                },
                {
                  "status": "affected",
                  "version": "fixed in 2.4.0.beta3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "lacks a confirmation screen",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-09T18:56:05.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Discourse",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.3.0"
                              },
                              {
                                "version_value": "2.4.0.beta1"
                              },
                              {
                                "version_value": "2.4.0.beta2"
                              },
                              {
                                "version_value": "fixed in 2.4.0.beta3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "lacks a confirmation screen"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a",
                  "refsource": "MISC",
                  "url": "https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a"
                },
                {
                  "name": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11",
                  "refsource": "MISC",
                  "url": "https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020017",
        "datePublished": "2019-07-29T12:25:59.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020016 (GCVE-0-2019-1020016)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:23 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    ASH-AIO before 2.0.0.3 allows an open redirect.
    Severity
    No CVSS data available.
    CWE
    • open redirect
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    ASH-AIO ASH-AIO Affected: < 2.0.0.3

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ASHTeam/ash-aio-2/security/advisories/GHSA-cg3m-qj5v-8g48"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASH-AIO",
              "vendor": "ASH-AIO",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.0.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ASH-AIO before 2.0.0.3 allows an open redirect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "open redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T12:23:12.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ASHTeam/ash-aio-2/security/advisories/GHSA-cg3m-qj5v-8g48"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASH-AIO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.0.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ASH-AIO"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ASH-AIO before 2.0.0.3 allows an open redirect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "open redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ASHTeam/ash-aio-2/security/advisories/GHSA-cg3m-qj5v-8g48",
                  "refsource": "MISC",
                  "url": "https://github.com/ASHTeam/ash-aio-2/security/advisories/GHSA-cg3m-qj5v-8g48"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020016",
        "datePublished": "2019-07-29T12:23:12.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020015 (GCVE-0-2019-1020015)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:21 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
    Severity
    No CVSS data available.
    CWE
    • mishandles the audience check
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    graphql-engine graphql-engine Affected: < 1.0.0-beta.3

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:16.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/hasura/graphql-engine/commit/f2f14e727b051e3003ba44b9b63eab8186b291ac"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "graphql-engine",
              "vendor": "graphql-engine",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.0-beta.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "mishandles the audience check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T12:21:40.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/hasura/graphql-engine/commit/f2f14e727b051e3003ba44b9b63eab8186b291ac"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020015",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "graphql-engine",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.0.0-beta.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "graphql-engine"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "mishandles the audience check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/hasura/graphql-engine/commit/f2f14e727b051e3003ba44b9b63eab8186b291ac",
                  "refsource": "MISC",
                  "url": "https://github.com/hasura/graphql-engine/commit/f2f14e727b051e3003ba44b9b63eab8186b291ac"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020015",
        "datePublished": "2019-07-29T12:21:40.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:16.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020014 (GCVE-0-2019-1020014)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:20 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    docker-credential-helpers before 0.6.3 has a double free in the List functions.
    Severity
    No CVSS data available.
    CWE
    • double free
    Assigner
    dwf
    References
    URL Tags
    https://github.com/docker/docker-credential-helpe… x_refsource_MISC
    https://github.com/docker/docker-credential-helpe… x_refsource_MISC
    https://usn.ubuntu.com/4103-1/ vendor-advisory, x_refsource_UBUNTU
    https://usn.ubuntu.com/4103-2/ vendor-advisory, x_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:16.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3"
              },
              {
                "name": "USN-4103-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4103-1/"
              },
              {
                "name": "USN-4103-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4103-2/"
              },
              {
                "name": "FEDORA-2021-03bcfa3491",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "docker-credential-helpers",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "docker-credential-helpers before 0.6.3 has a double free in the List functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "double free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T03:06:13.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3"
            },
            {
              "name": "USN-4103-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4103-1/"
            },
            {
              "name": "USN-4103-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4103-2/"
            },
            {
              "name": "FEDORA-2021-03bcfa3491",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "docker-credential-helpers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Docker"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "docker-credential-helpers before 0.6.3 has a double free in the List functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "double free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a",
                  "refsource": "MISC",
                  "url": "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a"
                },
                {
                  "name": "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3",
                  "refsource": "MISC",
                  "url": "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3"
                },
                {
                  "name": "USN-4103-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4103-1/"
                },
                {
                  "name": "USN-4103-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4103-2/"
                },
                {
                  "name": "FEDORA-2021-03bcfa3491",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020014",
        "datePublished": "2019-07-29T12:20:21.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:16.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020013 (GCVE-0-2019-1020013)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:18 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    parse-server before 3.6.0 allows account enumeration.
    Severity
    No CVSS data available.
    CWE
    • account enumeration
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Parse parse-server Affected: < 3.6.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "parse-server",
              "vendor": "Parse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "parse-server before 3.6.0 allows account enumeration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "account enumeration",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T12:18:07.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020013",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "parse-server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 3.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Parse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "parse-server before 3.6.0 allows account enumeration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "account enumeration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5",
                  "refsource": "MISC",
                  "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020013",
        "datePublished": "2019-07-29T12:18:07.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020012 (GCVE-0-2019-1020012)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:16 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    parse-server before 3.4.1 allows DoS after any POST to a volatile class.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Parse parse-server Affected: < 3.4.1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:16.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "parse-server",
              "vendor": "Parse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "parse-server before 3.4.1 allows DoS after any POST to a volatile class."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T12:16:14.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "parse-server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 3.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Parse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "parse-server before 3.4.1 allows DoS after any POST to a volatile class."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq",
                  "refsource": "MISC",
                  "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020012",
        "datePublished": "2019-07-29T12:16:14.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:16.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020011 (GCVE-0-2019-1020011)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:13 – Updated: 2024-08-05 03:14
    VLAI
    Summary
    SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
    CWE
    • remote code execution
    Assigner
    dwf
    References
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Charcoal-SE/SmokeDetector/security/advisories/GHSA-5w85-7mwr-v44q"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SmokeDetector",
              "vendor": "SmokeDetector",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T12:13:43.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Charcoal-SE/SmokeDetector/security/advisories/GHSA-5w85-7mwr-v44q"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SmokeDetector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SmokeDetector"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Charcoal-SE/SmokeDetector/security/advisories/GHSA-5w85-7mwr-v44q",
                  "refsource": "MISC",
                  "url": "https://github.com/Charcoal-SE/SmokeDetector/security/advisories/GHSA-5w85-7mwr-v44q"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020011",
        "datePublished": "2019-07-29T12:13:43.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020010 (GCVE-0-2019-1020010)

    Vulnerability from cvelistv5 – Published: 2019-07-29 12:12 – Updated: 2024-08-05 03:14
    Summary
    Misskey before 10.102.4 allows hijacking a user's token.
    Severity
    No CVSS data available.
    CWE
    • hijacking a user's token
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Misskey Misskey Affected: < 10.102.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Misskey",
              "vendor": "Misskey",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 10.102.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Misskey before 10.102.4 allows hijacking a user\u0027s token."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "hijacking a user\u0027s token",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T12:12:04.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1020010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Misskey",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 10.102.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Misskey"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Misskey before 10.102.4 allows hijacking a user\u0027s token."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "hijacking a user\u0027s token"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p",
                  "refsource": "MISC",
                  "url": "https://github.com/syuilo/misskey/security/advisories/GHSA-6qw9-6jxq-xj3p"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020010",
        "datePublished": "2019-07-29T12:12:04.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1020001 (GCVE-0-2019-1020001)

    Vulnerability from cvelistv5 – Published: 2019-07-29 00:00 – Updated: 2024-08-05 03:14
    Summary
    yard before 0.9.20 allows path traversal.
    Severity
    No CVSS data available.
    CWE
    • path traversal
    Assigner
    dwf
    Impacted products
    Vendor Product Version
    yard yard Affected: < 0.9.20

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:14:15.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr"
              },
              {
                "name": "[debian-lts-announce] 20240306 [SECURITY] [DLA 3753-1] yard security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "yard",
              "vendor": "yard",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.9.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "yard before 0.9.20 allows path traversal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T23:05:57.748Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "url": "https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr"
            },
            {
              "name": "[debian-lts-announce] 20240306 [SECURITY] [DLA 3753-1] yard security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1020001",
        "datePublished": "2019-07-29T00:00:00.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:14:15.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1000033 (GCVE-0-2019-1000033)

    Vulnerability from cvelistv5 – Published: 2019-07-26 20:07 – Updated: 2019-07-26 20:07

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-1010259. Reason: This candidate is a reservation duplicate of CVE-2019-1010259. Notes: All CVE users should reference CVE-2019-1010259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage


    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2019-07-26T20:07:25.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-1010259. Reason: This candidate is a reservation duplicate of CVE-2019-1010259. Notes: All CVE users should reference CVE-2019-1010259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1000033",
        "datePublished": "2019-07-26T20:07:25.000Z",
        "dateRejected": "2019-07-26T20:07:25.000Z",
        "dateReserved": "2019-07-26T00:00:00.000Z",
        "dateUpdated": "2019-07-26T20:07:25.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2019-1010147 (GCVE-0-2019-1010147)

    Vulnerability from cvelistv5 – Published: 2019-07-25 23:02 – Updated: 2024-08-05 03:07
    Summary
    Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Access Control - Privileges Escalation
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Yellowfin Smart Reporting Affected: < 7.3 [fixed: 7.4 and later]

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.348Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/open?id=1sk5IklziyEggeWpWE4Wyk9xqa30CjNpS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Reporting",
              "vendor": "Yellowfin",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.3 [fixed: 7.4 and later]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. The fixed version is: 7.4 and later."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Access Control - Privileges Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T23:02:40.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/open?id=1sk5IklziyEggeWpWE4Wyk9xqa30CjNpS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010147",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Reporting",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 7.3 [fixed: 7.4 and later]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yellowfin"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. The fixed version is: 7.4 and later."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Access Control - Privileges Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://drive.google.com/open?id=1sk5IklziyEggeWpWE4Wyk9xqa30CjNpS",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/open?id=1sk5IklziyEggeWpWE4Wyk9xqa30CjNpS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010147",
        "datePublished": "2019-07-25T23:02:40.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010127 (GCVE-0-2019-1010127)

    Vulnerability from cvelistv5 – Published: 2019-07-25 18:35 – Updated: 2024-08-05 03:07
    Summary
    VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
    Severity
    No CVSS data available.
    CWE
    • Use-after-free
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    VCFTools vcftools Affected: < 0.1.15

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/vcftools/vcftools/issues/141"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "vcftools",
              "vendor": "VCFTools",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.1.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-30T13:45:44.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/vcftools/vcftools/issues/141"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010127",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "vcftools",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.1.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VCFTools"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-after-free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub",
                  "refsource": "MISC",
                  "url": "https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub"
                },
                {
                  "name": "https://github.com/vcftools/vcftools/issues/141",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/vcftools/vcftools/issues/141"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010127",
        "datePublished": "2019-07-25T18:35:30.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010161 (GCVE-0-2019-1010161)

    Vulnerability from cvelistv5 – Published: 2019-07-25 13:17 – Updated: 2024-08-05 03:07
    Summary
    perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Access Control
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    perl-CRYPT-JWT perl-CRYPT-JWT Affected: 0.022 and earlier [fixed: 0.023]

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "perl-CRYPT-JWT",
              "vendor": "perl-CRYPT-JWT",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.022 and earlier [fixed: 0.023]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T13:17:52.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010161",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "perl-CRYPT-JWT",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.022 and earlier [fixed: 0.023]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "perl-CRYPT-JWT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483",
                  "refsource": "MISC",
                  "url": "https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010161",
        "datePublished": "2019-07-25T13:17:52.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010172 (GCVE-0-2019-1010172)

    Vulnerability from cvelistv5 – Published: 2019-07-25 13:13 – Updated: 2024-08-05 03:07
    Summary
    Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39.
    Severity
    No CVSS data available.
    CWE
    • Uncontrolled Resource Consumption
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Jsish Jsish Affected: 2.4.84 2.0484 [fixed: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39]

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jsish.org/fossil/jsi/tktview/16f01b0177c2e309ab01102feb76b39d57a3eb66"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jsish",
              "vendor": "Jsish",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.4.84 2.0484 [fixed: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T13:13:15.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jsish.org/fossil/jsi/tktview/16f01b0177c2e309ab01102feb76b39d57a3eb66"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jsish",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.4.84 2.0484 [fixed: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jsish"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jsish.org/fossil/jsi/tktview/16f01b0177c2e309ab01102feb76b39d57a3eb66",
                  "refsource": "MISC",
                  "url": "https://jsish.org/fossil/jsi/tktview/16f01b0177c2e309ab01102feb76b39d57a3eb66"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010172",
        "datePublished": "2019-07-25T13:13:15.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010174 (GCVE-0-2019-1010174)

    Vulnerability from cvelistv5 – Published: 2019-07-25 13:12 – Updated: 2024-08-05 03:07
    Summary
    CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.
    Severity
    No CVSS data available.
    CWE
    • command injection
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    CImg The CImg Library Affected: v.2.3.3 and earlier [fixed: v.2.3.4]

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146"
              },
              {
                "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
              },
              {
                "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The CImg Library",
              "vendor": "CImg",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.2.3.3 and earlier [fixed: v.2.3.4]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-30T18:06:12.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146"
            },
            {
              "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010174",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The CImg Library",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v.2.3.3 and earlier [fixed: v.2.3.4]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CImg"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "command injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146",
                  "refsource": "MISC",
                  "url": "https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146"
                },
                {
                  "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
                },
                {
                  "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010174",
        "datePublished": "2019-07-25T13:12:03.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010176 (GCVE-0-2019-1010176)

    Vulnerability from cvelistv5 – Published: 2019-07-25 13:05 – Updated: 2024-08-05 03:07
    Summary
    JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    JerryScript JerryScript Affected: commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 [fixed: after commit 505dace719aebb3308a3af223cfaa985159efae0] (as of 2018-09-14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jerryscript-project/jerryscript/issues/2476"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JerryScript",
              "vendor": "JerryScript",
              "versions": [
                {
                  "status": "affected",
                  "version": "commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 [fixed: after commit 505dace719aebb3308a3af223cfaa985159efae0] (as of 2018-09-14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T13:05:09.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jerryscript-project/jerryscript/issues/2476"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JerryScript",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 [fixed: after commit 505dace719aebb3308a3af223cfaa985159efae0] (as of 2018-09-14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "JerryScript"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/jerryscript-project/jerryscript/issues/2476",
                  "refsource": "MISC",
                  "url": "https://github.com/jerryscript-project/jerryscript/issues/2476"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010176",
        "datePublished": "2019-07-25T13:05:09.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010182 (GCVE-0-2019-1010182)

    Vulnerability from cvelistv5 – Published: 2019-07-25 13:02 – Updated: 2024-08-05 03:07
    Summary
    yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.
    Severity
    No CVSS data available.
    CWE
    • Uncontrolled Recursion
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    yaml-rust yaml-rust Affected: 0.4.0 and earlier [fixed: 0.4.1 and later]

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chyh1990/yaml-rust/pull/109"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "yaml-rust",
              "vendor": "yaml-rust",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.4.0 and earlier [fixed: 0.4.1 and later]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T13:02:57.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chyh1990/yaml-rust/pull/109"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "yaml-rust",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.4.0 and earlier [fixed: 0.4.1 and later]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "yaml-rust"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Recursion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/chyh1990/yaml-rust/pull/109",
                  "refsource": "MISC",
                  "url": "https://github.com/chyh1990/yaml-rust/pull/109"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010182",
        "datePublished": "2019-07-25T13:02:57.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010183 (GCVE-0-2019-1010183)

    Vulnerability from cvelistv5 – Published: 2019-07-25 12:50 – Updated: 2024-08-05 03:07
    Summary
    serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later.
    Severity
    No CVSS data available.
    CWE
    • Uncontrolled Recursion
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    serde serde_yaml Affected: 0.6.0 to 0.8.3 [fixed: 0.8.4 and later]

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dtolnay/serde-yaml/pull/105"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serde_yaml",
              "vendor": "serde",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.0 to 0.8.3 [fixed: 0.8.4 and later]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T12:50:56.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dtolnay/serde-yaml/pull/105"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serde_yaml",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.6.0 to 0.8.3 [fixed: 0.8.4 and later]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "serde"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Recursion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/dtolnay/serde-yaml/pull/105",
                  "refsource": "MISC",
                  "url": "https://github.com/dtolnay/serde-yaml/pull/105"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010183",
        "datePublished": "2019-07-25T12:50:56.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010178 (GCVE-0-2019-1010178)

    Vulnerability from cvelistv5 – Published: 2019-07-24 13:50 – Updated: 2024-08-05 03:07
    Summary
    Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246.
    Severity
    No CVSS data available.
    CWE
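    • CWE-648 - Incorrect Access Control - CWE-648 (label as assigned in the record; in the CWE catalogue, CWE-648 is "Incorrect Use of Privileged APIs" and access-control weaknesses are normally filed under CWE-284, so match on the description as well as the ID when triaging)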
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
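    Fred MODX Revolution Affected: < 1.0.0-beta5 [fixed: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246] (the component path and both fix commits point to the Fred add-on, so the version bound presumably refers to Fred rather than to MODX Revolution core; confirm against the installed Fred version)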

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=vOlw2DP9WbE"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MODX Revolution",
              "vendor": "Fred",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.0-beta5 [fixed: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fred MODX Revolution \u003c 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "Incorrect Access Control - CWE-648",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-24T13:50:45.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=vOlw2DP9WbE"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MODX Revolution",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.0.0-beta5 [fixed: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246]"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fred"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fred MODX Revolution \u003c 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Access Control - CWE-648"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.youtube.com/watch?v=vOlw2DP9WbE",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=vOlw2DP9WbE"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010178",
        "datePublished": "2019-07-24T13:50:45.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }