[GHSA-cr7j-rwmv-vgch] aimeos-core arbitrary file uopload vulnerability #4544
Conversation
github-actions
bot
changed the base branch from
main
to
aimeos/advisory-improvement-4544
|
👋 Hi @aimeos, I see that this vulnerability represented by two advisories, GHSA-cr7j-rwmv-vgch and GHSA-rhc2-23c2-ww7c, also has two CVEs. MITRE issued CVE-2024-36811. GitHub issued CVE-2024-37295 when a CVE was requested for GHSA-rhc2-23c2-ww7c. Would you prefer to keep CVE-2024-36811 from MITRE or CVE-2024-37295 from GitHub? Once I know which CVE you prefer to keep, I will withdraw the duplicate advisory and reach out to MITRE to initiate the CVE deduplication process. |
|
We would like to keep GHSA-rhc2-23c2-ww7c from GitHub. Thanks a lot! |
advisory-database
bot
merged commit d59791f
into
aimeos/advisory-improvement-4544
|
Hi @aimeos! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future! |
|
@aimeos GHSA-cr7j-rwmv-vgch has been withdrawn as a duplicate of GHSA-rhc2-23c2-ww7c, and I've reached out to MITRE via cveform.mitre.org to request that CVE-2024-36811 be marked as a duplicate of CVE-2024-37295. Thanks for reaching out to let us know about the duplicate advisory and duplicate CVE! |
Updates
Comments
Duplicate of GHSA-rhc2-23c2-ww7c
Affected versions are only 2024.04.x below 2024.04.5