From 8bd41ef9708972584db07c36c80516974cca37a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonatan=20M=C3=A4nnchen?=
Date: Fri, 6 Dec 2024 17:30:26 +0000
Subject: [PATCH] Add Affected Info to CVE Overview
---
_data/cves/CVE-1337-1234.json | 319 ------------------
_data/cves/CVE-1337-1235.json | 52 ---
...CVE-2024-31209.json => CVE-XXXX-0001.json} | 201 ++++++-----
_data/cves/CVE-XXXX-0002.json | 148 ++++++++
_includes/head/custom.html | 8 +
_layouts/cve.html | 11 +-
cves.md | 17 +
7 files changed, 307 insertions(+), 449 deletions(-)
delete mode 100644 _data/cves/CVE-1337-1234.json
delete mode 100644 _data/cves/CVE-1337-1235.json
rename _data/cves/{CVE-2024-31209.json => CVE-XXXX-0001.json} (64%)
create mode 100644 _data/cves/CVE-XXXX-0002.json
create mode 100644 _includes/head/custom.html
diff --git a/_data/cves/CVE-1337-1234.json b/_data/cves/CVE-1337-1234.json
deleted file mode 100644
index 6263c75..0000000
--- a/_data/cves/CVE-1337-1234.json
+++ /dev/null
@@ -1,319 +0,0 @@ -{ - "dataType": "CVE_RECORD", - "dataVersion": "5.1", - "cveMetadata": { - "cveId": "CVE-1337-1234", - "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", - "assignerShortName": "example", - "requesterUserId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", - "serial": 1, - "state": "PUBLISHED", - "dateReserved":"2024-03-29T14:16:31.900Z", - "datePublished":"2024-04-04T16:04:43.255Z", - "dateUpdated":"2024-09-03T18:26:21.909Z" - }, - "containers": { - "cna": { - "providerMetadata": { - "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", - "shortName": "example", - "dateUpdated": "2021-09-08T16:24:00.000Z" - }, - "title": "Buffer overflow in Example Enterprise allows Privilege Escalation.", - "datePublic": "2021-09-08T16:24:00.000Z", - "problemTypes": [ - { - "descriptions": [ - { - "lang": "en", - "cweId": "CWE-78", - "description": "CWE-78 OS Command Injection", - "type": "CWE" - } - ] - } - ], - "impacts": [ - { - "capecId": "CAPEC-233", - "descriptions": [ - { - "lang": "en", - "value": "CAPEC-233 Privilege Escalation" - } - ] - } - ], - "affected": [ - { - "vendor": "Example.org", - "product": "Example Enterprise", - "platforms": [ - "Windows", - "MacOS", - "XT-4500" - ], - "collectionURL": "https://example.org/packages", - "packageName": "example_enterprise", - "repo": "git://example.org/source/example_enterprise", - "modules": [ - "Web-Management-Interface" - ], - "programFiles": [ - "example_enterprise/example.php" - ], - "programRoutines": [ - { - "name": "parseFilename" - } - ], - "versions": [ - { - "version": "1.0.0", - "status": "affected", - "lessThan": "1.0.6", - "versionType": "semver" - }, - { - "version": "2.1.0", - "status": "unaffected", - "lessThan": "2.1.*", - "changes": [ - { - "at": "2.1.6", - "status": "affected" - }, - { - "at": "2.1.9", - "status": "unaffected" - } - ], - "versionType": "semver" - }, - { - "version": "3.0.0", - "status": "unaffected", - "lessThan": "*", - "versionType": "semver" - } - ], - "defaultStatus": 
"unaffected" - } - ], - "descriptions": [ - { - "lang": "en", - "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.16 until 2.1.9.", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.

This issue affects:
" - } - ] - }, - { - "lang": "eo", - "value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise ĉe Windows, macOS kaj XT-4500 permesas al malproksimaj neaŭtentikigitaj atakantoj eskaladi privilegiojn. Ĉi tiu afero efikas: 1.0-versioj antaŭ 1.0.6, 2.1-versioj de 2.16 ĝis 2.1.9.", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise ĉe Windows, macOS kaj XT-4500 permesas al malproksimaj neaŭtentikigitaj atakantoj eskaladi privilegiojn.

Ĉi tiu afero efikas:
" - } - ] - } - ], - "metrics": [ - { - "format": "CVSS", - "scenarios": [ - { - "lang": "en", - "value": "GENERAL" - } - ], - "cvssV4_0": { - "baseScore": 7.8, - "baseSeverity": "HIGH", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L", - "version":"4.0" - }, - "cvssV3_1": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" - } - }, - { - "format": "CVSS", - "scenarios": [ - { - "lang": "en", - "value": "If the enhanced host protection mode is turned on, this vulnerability can only be exploited to run os commands as user 'nobody'. Privilege escalation is not possible." - } - ], - "cvssV3_1": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 7.3, - "baseSeverity": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" - } - } - ], - "solutions": [ - { - "lang": "en", - "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions.", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions." - } - ] - } - ], - "workarounds": [ - { - "lang": "en", - "value": "Disable the web management interface with the command\n> service disable webmgmt", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Disable the web management interface with the command
> service disable webmgmt
" - } - ] - } - ], - "configurations": [ - { - "lang": "en", - "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Web management interface should be enabled.
> service status webmgmt
webmgmt running
" - } - ] - } - ], - "exploits": [ - { - "lang": "en", - "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." - } - ] - } - ], - "timeline": [ - { - "time": "2001-09-01T07:31:00.000Z", - "lang": "en", - "value": "Issue discovered by Alice using Acme Autofuzz" - }, - { - "time": "2021-09-02T16:36:00.000Z", - "lang": "en", - "value": "Confirmed by Bob" - }, - { - "time": "2021-09-07T16:37:00.000Z", - "lang": "en", - "value": "Fixes released" - } - ], - "credits": [ - { - "lang": "en", - "value": "Alice", - "type": "finder" - }, - { - "lang": "en", - "value": "Bob", - "type": "analyst" - }, - { - "lang": "en", - "value": "Acme Autofuzz", - "type": "tool" - } - ], - "references": [ - { - "url": "https://example.org/ESA-22-11-CVE-1337-1234", - "name": "ESA-22-11", - "tags": [ - "vendor-advisory" - ] - }, - { - "url": "https://example.com/blog/alice/pwning_example_enterprise", - "name": "Pwning Example Enterprise", - "tags": [ - "technical-description", - "third-party-advisory" - ] - }, - { - "url": "https://example.org/bugs/EXAMPLE-1234", - "name": "EXAMPLE-1234", - "tags": [ - "issue-tracking" - ] - }, - { - "url": "https://example.org/ExampleEnterprise", - "tags": [ - "product" - ] - } - ], - "source": { - "defects": [ - "EXAMPLE-1234" - ], - "advisory": "ESA-22-11", - "discovery": "EXTERNAL" - }, - "taxonomyMappings": [ - { - "taxonomyName": "ATT&CK", - "taxonomyVersion": "v9", - "taxonomyRelations": [ - { - "taxonomyId": "T1190", - "relationshipName": "mitigated by", - "relationshipValue": "M1048" - } - ] - } - ] - } - } -} \ No newline at end of file 
diff --git a/_data/cves/CVE-1337-1235.json b/_data/cves/CVE-1337-1235.json
deleted file mode 100644
index f3a99d9..0000000
--- a/_data/cves/CVE-1337-1235.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- "dataType": "CVE_RECORD",
- "dataVersion": "5.1",
- "cveMetadata": {
- "cveId": "CVE-1337-1235",
- "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "state": "PUBLISHED"
- },
- "containers": {
- "cna": {
- "providerMetadata": {
- "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6"
- },
- "problemTypes": [
- {
- "descriptions": [
- {
- "lang": "en",
- "description": "CWE-78 OS Command Injection"
- }
- ]
- }
- ],
- "affected": [
- {
- "vendor": "Example.org",
- "product": "Example Enterprise",
- "versions": [
- {
- "version": "1.0.0",
- "status": "affected",
- "lessThan": "1.0.6",
- "versionType": "semver"
- }
- ],
- "defaultStatus": "unaffected"
- }
- ],
- "descriptions": [
- {
- "lang": "en",
- "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, MacOS and XT-4500 allows remote unauthenticated attackers to escalate privileges.\n\nThis issue affects:\n * 1.0 versions before 1.0.6\n * 2.1 versions from 2.16 until 2.1.9."
- }
- ],
- "references": [
- {
- "url": "https://example.org/ESA-22-11-CVE-1337-1234"
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/_data/cves/CVE-2024-31209.json b/_data/cves/CVE-XXXX-0001.json
similarity index 64%
rename from _data/cves/CVE-2024-31209.json
rename to _data/cves/CVE-XXXX-0001.json
index ce4ccb4..e406c18 100644
--- a/_data/cves/CVE-2024-31209.json
+++ b/_data/cves/CVE-XXXX-0001.json
@@ -2,113 +2,160 @@ "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { - "cveId": "CVE-2024-31209", - "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", - "state": "PUBLISHED", + "cveId": "CVE-XXXX-0001", + "assignerOrgId": "00000000-0000-4000-9000-000000000000", "assignerShortName": "GitHub_M", - "dateReserved": "2024-03-29T14:16:31.900Z", - "datePublished": "2024-04-04T16:04:43.255Z", - "dateUpdated": "2024-09-03T18:26:21.909Z" + "dateUpdated": "2024-09-03T18:26:00.000Z", + "dateReserved": "2024-03-29T14:16:00.000Z", + "datePublished": "2024-04-04T16:04:00.000Z", + "state": "PUBLISHED" }, "containers": { "cna": { + "providerMetadata": { + "orgId": "00000000-0000-4000-9000-000000000000", + "shortName": "GitHub_M", + "dateUpdated": "2024-04-04T16:04:00.000Z" + }, "title": "OpenID Connect client Atom Exhaustion in provider configuration worker ets table location", "problemTypes": [ { "descriptions": [ { - "cweId": "CWE-400", "lang": "en", + "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE" } ] } ], - "metrics": [ + "affected": [ { - "cvssV3_1": { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } + "vendor": "Erlang Ecosystem Foundation", + "product": "oidcc", + "collectionURL": "https://repo.hex.pm", + "packageName": "oidcc", + "repo": "https://github.com/erlef/oidcc", + "modules": [ + "oidcc_provider_configuration_worker" + ], + "programFiles": [ + "src/oidcc_provider_configuration_worker.erl" + ], + "programRoutines": [ + { + "name": "get_ets_table_name/1" + } + ], + "versions": [ + { + "status": "affected", + "version": ">= 3.0.0, < 3.0.2" + }, + { + "status": "affected", + 
"version": ">= 3.1.0, < 3.1.2" + }, + { + "status": "affected", + "version": ">= 3.2.0-beta.1, < 3.2.0-beta.3" + } + ], + "defaultStatus": "affected" + }, + { + "vendor":"erlef", + "product":"oidcc", + "collectionURL": "https://github.com", + "packageName": "erlef/oidcc", + "repo": "https://github.com/erlef/oidcc", + "versions": [ + {"version":">= 3.0.0, < 3.0.2","status":"affected"}, + {"version":">= 3.1.0, < 3.1.2","status":"affected"}, + {"version":">= 3.2.0-beta.1, < 3.2.0-beta.3","status":"affected"} + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(s)`3.1.2` & `3.2.0-beta.3`.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(s)`3.1.2` & `3.2.0-beta.3`.

" + } + ] } ], "references": [ { + "url": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p", "name": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p", "tags": [ "x_refsource_CONFIRM" - ], - "url": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p" + ] }, { + "url": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c", "name": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c", "tags": [ "x_refsource_MISC" - ], - "url": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c" + ] }, { + "url": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649", "name": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649", "tags": [ "x_refsource_MISC" - ], - "url": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649" + ] }, { + "url": "https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a", "name": "https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a", "tags": [ "x_refsource_MISC" - ], - "url": "https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a" + ] }, { + "url": "https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388", "name": "https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388", "tags": [ "x_refsource_MISC" - ], - "url": "https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388" + ] } ], - "affected": [ + "metrics": [ { - "vendor": "erlef", - "product": "oidcc", - "versions": [ - { - "version": ">= 3.0.0, < 3.0.2", - "status": "affected" - }, + "format": "CVSS", + "scenarios": [ { - "version": ">= 3.1.0, < 3.1.2", - "status": "affected" - }, - 
{ - "version": ">= 3.2.0-beta.1, < 3.2.0-beta.3", - "status": "affected" + "lang": "en", + "value": "GENERAL" } - ] - } - ], - "providerMetadata": { - "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", - "shortName": "GitHub_M", - "dateUpdated": "2024-04-04T16:04:43.255Z" - }, - "descriptions": [ - { - "lang": "en", - "value": "oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(s)`3.1.2` & `3.2.0-beta.3`." + ], + "cvssV4_0": { + "version": "4.0", + "baseSeverity": "CRITICAL", + "baseScore": 10, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" + }, + "cvssV3_1": { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" + } } ], "source": { 
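Review bot: The added `cvssV4_0` block rates this record 10 / CRITICAL with an all-High network vector, while the `cvssV3_1` block kept in the same `metrics` entry says 5.3 / MEDIUM with `AV:L/AC:H/PR:H` and availability-only impact. The title, description and references still identify the real oidcc advisory GHSA-mj35-2rgf-cv8p, so the overview would show a severity for it that the record's own V3.1 score does not support; if this is fixture data, say so in `title`, or drop the V4 block. Separately, the first `affected` entry sets `"defaultStatus": "affected"` next to a `versions` list that only holds affected ranges, which as far as I know the CVE record format reads as every unlisted release being affected too, including the fixed 3.1.2 and 3.2.0-beta.3 named in the description; `"defaultStatus": "unaffected"` matches the description. The `cna` object continues past the end of this hunk.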
@@ -119,55 +166,61 @@ "adp": [ { "providerMetadata": { - "orgId": "af854a3a-2127-422b-91ae-364da2661108", + "orgId": "00000000-0000-4000-9000-000000000000", "shortName": "CVE", - "dateUpdated": "2024-08-02T01:46:04.592Z" + "dateUpdated": "2024-08-02T01:46:00.000Z" }, "title": "CVE Program Container", "references": [ { + "url": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p", "name": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p", "tags": [ "x_refsource_CONFIRM", "x_transferred" - ], - "url": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p" + ] }, { + "url": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c", "name": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c", "tags": [ "x_refsource_MISC", "x_transferred" - ], - "url": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c" + ] }, { + "url": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649", "name": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649", "tags": [ "x_refsource_MISC", "x_transferred" - ], - "url": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649" + ] }, { + "url": "https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a", "name": "https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a", "tags": [ "x_refsource_MISC", "x_transferred" - ], - "url": "https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a" + ] }, { + "url": "https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388", "name": "https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388", "tags": [ "x_refsource_MISC", "x_transferred" - ], - "url": 
"https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388" + ] } ] }, { + "providerMetadata": { + "orgId": "00000000-0000-4000-9000-000000000000", + "shortName": "CISA-ADP", + "dateUpdated": "2024-09-03T18:26:00.000Z" + }, + "title": "CISA ADP Vulnrichment", "metrics": [ { "other": { @@ -191,13 +244,7 @@ } } } - ], - "title": "CISA ADP Vulnrichment", - "providerMetadata": { - "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "shortName": "CISA-ADP", - "dateUpdated": "2024-09-03T18:26:21.909Z" - } + ] } ] } diff --git a/_data/cves/CVE-XXXX-0002.json b/_data/cves/CVE-XXXX-0002.json new file mode 100644 index 0000000..e3f71cf --- /dev/null +++ b/_data/cves/CVE-XXXX-0002.json 
@@ -0,0 +1,148 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-XXXX-0002",
+ "assignerOrgId": "00000000-0000-4000-9000-000000000000",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2024-08-03T10:21:00.000Z",
+ "dateReserved": "2022-07-28T22:00:00.000Z",
+ "datePublished": "2022-09-20T22:00:00.000Z",
+ "state": "PUBLISHED"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-9000-000000000000",
+ "shortName": "mitre",
+ "dateUpdated": "2023-07-10T22:00:00.000Z"
+ },
+ "title": "Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "erlang",
+ "product": "otp",
+ "collectionURL": "https://github.com",
+ "packageName": "erlang/otp",
+ "repo": "https://github.com/erlang/otp",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "changes": [
+ {
+ "at": ">= 23.3.4.15, < 24",
+ "status": "unaffected"
+ },
+ {
+ "at": ">= 24.3.4.2, < 25",
+ "status": "unaffected"
+ },
+ {
+ "at": ">= 25.0.2",
+ "status": "unaffected"
+ }
+ ],
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.

"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15",
+ "name": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p",
+ "tags": [
+ "x_refsource_CONFIRM"
+ ]
+ },
+ {
+ "url": "https://erlangforums.com/c/erlang-news-announcements/91",
+ "name": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c",
+ "tags": [
+ "x_refsource_MISC"
+ ]
+ },
+ {
+ "url": "https://erlangforums.com/t/otp-25-1-released/1854",
+ "name": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649",
+ "tags": [
+ "x_refsource_MISC"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00012.html",
+ "name": "[debian-lts-announce] 20230711 [SECURITY] [DLA 3491-1] erlang security update",
+ "tags": [
+ "mailing-list"
+ ]
+ }
+ ]
+ },
+ "adp": [
+ {
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-9000-000000000000",
+ "shortName": "CVE",
+ "dateUpdated": "2024-08-03T10:21:00.000Z"
+ },
+ "title": "CVE Program Container",
+ "references": [
+ {
+ "url": "https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15",
+ "name": "https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p",
+ "tags": [
+ "x_transferred"
+ ]
+ },
+ {
+ "url": "https://erlangforums.com/c/erlang-news-announcements/91",
+ "name": "https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c",
+ "tags": [
+ "x_transferred"
+ ]
+ },
+ {
+ "url": "https://erlangforums.com/t/otp-25-1-released/1854",
+ "name": "https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649",
+ "tags": [
+ "x_transferred"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00012.html",
+ "name": "[debian-lts-announce] 20230711 [SECURITY] [DLA 3491-1] erlang security update",
+ "tags": [
+ "mailing-list",
+ "x_transferred"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/_includes/head/custom.html b/_includes/head/custom.html new file mode 100644 index 0000000..6ece38d --- /dev/null +++ b/_includes/head/custom.html @@ -0,0 +1,8 @@ + + \ No newline at end of file diff --git a/_layouts/cve.html b/_layouts/cve.html index 6f7b01d..3f9cb65 100644 --- a/_layouts/cve.html +++ b/_layouts/cve.html @@ -61,7 +61,16 @@

References

Affected

{% for entry in affected %} -

{{ entry.vendor }} / {{ entry.product }}

+

+ {% case entry.collectionURL %} + {% when "https://repo.hex.pm" %} + Hex: {{ entry.packageName }} + {% when "https://github.com" %} + GitHub: {{ entry.packageName }} + {% else %} + {{ entry.vendor }} / {{ entry.product }} + {% endcase %} +