diff --git a/gcp/api/integration_tests.py b/gcp/api/integration_tests.py
index f1b7df222ef..35870e04c93 100644
--- a/gcp/api/integration_tests.py
+++ b/gcp/api/integration_tests.py
@@ -344,11 +344,13 @@ def test_query_comparing_version(self):
 alsa_2023_7109 = self._get('ALSA-2023:7109')
 alsa_2024_3178 = self._get('ALSA-2024:3178')
 alsa_2024_4262 = self._get('ALSA-2024:4262')
+ alsa_2024_7481 = self._get('ALSA-2024:7481')
 expected_vulns = [
 alsa_2023_7109,
 alsa_2024_3178,
 alsa_2024_4262,
+ alsa_2024_7481,
 ]
 response = requests.post(
diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2018-1000500.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2018-1000500.json
index a3d9fb0768f..c5b54dccde1 100644
--- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2018-1000500.json
+++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2018-1000500.json
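Review bot: The new `alsa_2024_7481` entry in `expected_vulns` (test_query_comparing_version, gcp/api/integration_tests.py) has no comment saying why this advisory is expected for the query, so a reader cannot tell a deliberate expectation from a list that was extended to make the test pass. A short comment above the list would record that, for example `# Advisories expected for this package/version query; ALSA-2024:7481 added once it was published upstream.`, with the wording to be confirmed by the author. If the assertion compares the full response against this list, which is inferred because the request and the assertion lie outside the hunk, the test will fail again whenever a further matching advisory is published. In that case the comment should also say that the exact match is intentional, since it is what catches over-matching in version comparison.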
@@ -1 +1,130 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2024-03-25T05:17:38.960","vulnerabilities":[{"cve":{"id":"CVE-2018-1000500","sourceIdentifier":"cve@mitre.org","published":"2018-06-26T16:29:00.353","lastModified":"2020-09-24T20:15:12.350","vulnStatus":"Modified","descriptions":[{"lang":"en","value":"Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https:\/\/compromised-domain.com\/important-file\"."},{"lang":"es","value":"Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet \"busybox wget\" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualquier archivo por HTTPS mediante \"busybox wget https:\/\/compromised-domain.com\/important-file\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":fal
se}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*","versionEndExcluding":"1.32.0","matchCriteriaId":"8E01D2F2-60BE-4135-B94B-76D34EC75060"}]}]}],"references":[{"url":"http:\/\/lists.busybox.net\/pipermail\/busybox\/2018-May\/086462.html","source":"cve@mitre.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https:\/\/git.busybox.net\/busybox\/commit\/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https:\/\/usn.ubuntu.com\/4531-1\/","source":"cve@mitre.org"}]}}]} \ No newline at end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2024-03-25T05:17:38.960", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2018-1000500", + "sourceIdentifier": "cve@mitre.org", + "published": "2018-06-26T16:29:00.353", + "lastModified": "2020-09-24T20:15:12.350", + "vulnStatus": "Modified", + "descriptions": [ + { + "lang": "en", + "value": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https:\/\/compromised-domain.com\/important-file\"." + }, + { + "lang": "es", + "value": "Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet \"busybox wget\" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualquier archivo por HTTPS mediante \"busybox wget https:\/\/compromised-domain.com\/important-file\"." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:P", + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.32.0", + "matchCriteriaId": "8E01D2F2-60BE-4135-B94B-76D34EC75060" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http:\/\/lists.busybox.net\/pipermail\/busybox\/2018-May\/086462.html", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] + }, + { + "url": "https:\/\/git.busybox.net\/busybox\/commit\/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91", + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor 
Advisory" + ] + }, + { + "url": "https:\/\/usn.ubuntu.com\/4531-1\/", + "source": "cve@mitre.org" + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2020-13595.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2020-13595.json index a7903377df1..54133543157 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2020-13595.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2020-13595.json 
@@ -1 +1,144 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:14:57.970","vulnerabilities":[{"cve":{"id":"CVE-2020-13595","sourceIdentifier":"cve@mitre.org","published":"2020-08-31T15:15:10.680","lastModified":"2020-09-08T21:09:33.517","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets."},{"lang":"es","value":"La implementación del controlador Bluetooth Low Energy (BLE) en Espressif ESP-IDF versiones 4.0 hasta 4.2 (para dispositivos ESP32) devuelve el número errado de paquetes BLE completados y desencadena una aserción alcanzable en la pila del host cuando está recibiendo un paquete con un fallo de MIC. 
Un atacante dentro del radio de alcance puede desencadenar silenciosamente la aserción (que deshabilita la pila BLE del objetivo) al enviar una secuencia de paquetes BLE diseñada"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A\/AC:L\/Au:N\/C:N\/I:N\/A:P","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":3.3},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.2","matchCriteriaId":"F8034F36-3371-4111-AE71-573B85934B20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*","matchCriteriaId":"D1024B06-380B-4116-B7F9-A21A03534B0C"}]}]}],"references":[{"url":"https:\/\/asset-group.github.io\/cves.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https:\/\/asset-group.github.io\/disclosures\/sweyntooth\/","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https:\/\/github.com\/espressif\/esp32-bt-lib","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]} \ No newline at end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2023-11-26T23:14:57.970", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2020-13595", + "sourceIdentifier": "cve@mitre.org", + "published": "2020-08-31T15:15:10.680", + "lastModified": "2020-09-08T21:09:33.517", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets." + }, + { + "lang": "es", + "value": "La implementación del controlador Bluetooth Low Energy (BLE) en Espressif ESP-IDF versiones 4.0 hasta 4.2 (para dispositivos ESP32) devuelve el número errado de paquetes BLE completados y desencadena una aserción alcanzable en la pila del host cuando está recibiendo un paquete con un fallo de MIC. 
Un atacante dentro del radio de alcance puede desencadenar silenciosamente la aserción (que deshabilita la pila BLE del objetivo) al enviar una secuencia de paquetes BLE diseñada" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A\/AC:L\/Au:N\/C:N\/I:N\/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.5, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.2", + "matchCriteriaId": "F8034F36-3371-4111-AE71-573B85934B20" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1024B06-380B-4116-B7F9-A21A03534B0C" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https:\/\/asset-group.github.io\/cves.html", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/asset-group.github.io\/disclosures\/sweyntooth\/", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/espressif\/esp32-bt-lib", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2021-28429.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2021-28429.json index 03aec35952a..17fabe1feff 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2021-28429.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2021-28429.json 
@@ -1 +1,87 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:23:57.637","vulnerabilities":[{"cve":{"id":"CVE-2021-28429","sourceIdentifier":"cve@mitre.org","published":"2023-08-11T14:15:12.667","lastModified":"2023-08-18T14:55:33.060","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Integer overflow vulnerability in av_timecode_make_string in libavutil\/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"BEA4991D-BE2F-4BB4-BFFE-8C4FC9A72763"}]}]}],"references":[{"url":"https:\/\/git.ffmpeg.org\/gitweb\/ffmpeg.git\/commitdiff\/c94875471e3ba3dc396c6919ff3ec9b14539cd71","source":"cve@mitre.org","tags":["Patch"]}]}}]} \ No newline at end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2023-11-26T23:23:57.637", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2021-28429", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-11T14:15:12.667", + "lastModified": "2023-08-18T14:55:33.060", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Integer overflow vulnerability in 
av_timecode_make_string in libavutil\/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:4.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "BEA4991D-BE2F-4BB4-BFFE-8C4FC9A72763" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https:\/\/git.ffmpeg.org\/gitweb\/ffmpeg.git\/commitdiff\/c94875471e3ba3dc396c6919ff3ec9b14539cd71", + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-0090.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-0090.json index 1f5d3606c1c..3a4271b05cb 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-0090.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-0090.json 
@@ -1 +1,185 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:58:35.457","vulnerabilities":[{"cve":{"id":"CVE-2022-0090","sourceIdentifier":"cve@gitlab.com","published":"2022-01-18T17:15:09.510","lastModified":"2022-01-25T14:49:33.973","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI."},{"lang":"es","value":"Se ha detectado un problema que afecta a versiones de GitLab anteriores a la 14.4.5, entre la 14.5.0 y la 14.5.3, y entre la 14.6.0 y la 14.6.1. GitLab está configurado de forma que no ignora las referencias de reemplazo con subcomandos git, lo que permite a un usuario malicioso falsificar el contenido de sus confirmaciones en la Interfaz de 
Usuario"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:N\/C:N\/I:P\/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.0},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionEndExcluding":"14.4.5","matchCriteriaId":"DAFE3371-08B7-4003-AB1B-196DC1734C26"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"14.4.5","matchCriteriaId":"6318720F-9838-43DF-A781-BAC58DF09E88"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab
:*:*:*:*:community:*:*:*","versionStartIncluding":"14.5.0","versionEndExcluding":"14.5.3","matchCriteriaId":"F4792D58-0D9A-43E6-879B-8DC10289BBED"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.5.0","versionEndExcluding":"14.5.3","matchCriteriaId":"2E89DBD2-9B16-4842-B103-B2B4096C046F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"14.6.0","versionEndExcluding":"14.6.1","matchCriteriaId":"E8762E3A-22EC-4E2A-BFDB-29E6C97170C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.6.0","versionEndExcluding":"14.6.1","matchCriteriaId":"1245CFA6-7887-4551-AE12-C8104F5B0B65"}]}]}],"references":[{"url":"https:\/\/gitlab.com\/gitlab-org\/cves\/-\/blob\/master\/2022\/CVE-2022-0090.json","source":"cve@gitlab.com","tags":["Third Party Advisory"]},{"url":"https:\/\/gitlab.com\/gitlab-org\/gitaly\/-\/issues\/3948","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https:\/\/hackerone.com\/reports\/1415964","source":"cve@gitlab.com","tags":["Permissions Required"]}]}}]} \ No newline at end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2023-11-26T23:58:35.457", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2022-0090", + "sourceIdentifier": "cve@gitlab.com", + "published": "2022-01-18T17:15:09.510", + "lastModified": "2022-01-25T14:49:33.973", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI." 
+ }, + { + "lang": "es", + "value": "Se ha detectado un problema que afecta a versiones de GitLab anteriores a la 14.4.5, entre la 14.5.0 y la 14.5.3, y entre la 14.6.0 y la 14.6.1. GitLab está configurado de forma que no ignora las referencias de reemplazo con subcomandos git, lo que permite a un usuario malicioso falsificar el contenido de sus confirmaciones en la Interfaz de Usuario" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N\/AC:L\/Au:N\/C:N\/I:P\/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, 
+ "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionEndExcluding": "14.4.5", + "matchCriteriaId": "DAFE3371-08B7-4003-AB1B-196DC1734C26" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionEndExcluding": "14.4.5", + "matchCriteriaId": "6318720F-9838-43DF-A781-BAC58DF09E88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "14.5.0", + "versionEndExcluding": "14.5.3", + "matchCriteriaId": "F4792D58-0D9A-43E6-879B-8DC10289BBED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "14.5.0", + "versionEndExcluding": "14.5.3", + "matchCriteriaId": "2E89DBD2-9B16-4842-B103-B2B4096C046F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "14.6.0", + "versionEndExcluding": "14.6.1", + "matchCriteriaId": "E8762E3A-22EC-4E2A-BFDB-29E6C97170C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "14.6.0", + "versionEndExcluding": "14.6.1", + "matchCriteriaId": "1245CFA6-7887-4551-AE12-C8104F5B0B65" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https:\/\/gitlab.com\/gitlab-org\/cves\/-\/blob\/master\/2022\/CVE-2022-0090.json", + "source": "cve@gitlab.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/gitlab.com\/gitlab-org\/gitaly\/-\/issues\/3948", + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": 
"https:\/\/hackerone.com\/reports\/1415964", + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-1122.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-1122.json index dac18879044..c66ad3da687 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-1122.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-1122.json 
@@ -1 +1,197 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:59:04.687","vulnerabilities":[{"cve":{"id":"CVE-2022-1122","sourceIdentifier":"secalert@redhat.com","published":"2022-03-29T18:15:07.977","lastModified":"2023-11-07T03:41:45.443","vulnStatus":"Modified","descriptions":[{"lang":"en","value":"A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service."},{"lang":"es","value":"Se ha encontrado un fallo en el programa opj2_decompress de openjpeg2 versión 2.4.0, en la forma en que maneja un directorio de entrada con un gran número de archivos. Cuando no asigna un búfer para almacenar los nombres de los archivos del directorio de entrada, llama a free() sobre un puntero no inicializado, conllevando a un fallo de segmentación y una denegación de 
servicio"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:M\/Au:N\/C:N\/I:N\/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-665"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-665"},{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"2AA6CD3E-09FE-442F-A7E5-C661960ACBCD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"cri
teria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"https:\/\/github.com\/uclouvain\/openjpeg\/issues\/1368","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2022\/04\/msg00006.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7\/","source":"secalert@redhat.com"},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV\/","source":"secalert@redhat.com"},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4\/","source":"secalert@redhat.com"},{"url":"https:\/\/security.gentoo.org\/glsa\/202209-04","source":"secalert@redhat.com","tags":["Third Party Advisory"]}]}}]} \ No newline at end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2023-11-26T23:59:04.687", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2022-1122", + "sourceIdentifier": "secalert@redhat.com", + "published": "2022-03-29T18:15:07.977", + "lastModified": "2023-11-07T03:41:45.443", + "vulnStatus": "Modified", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service." 
+ }, + { + "lang": "es", + "value": "Se ha encontrado un fallo en el programa opj2_decompress de openjpeg2 versión 2.4.0, en la forma en que maneja un directorio de entrada con un gran número de archivos. Cuando no asigna un búfer para almacenar los nombres de los archivos del directorio de entrada, llama a free() sobre un puntero no inicializado, conllevando a un fallo de segmentación y una denegación de servicio" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N\/AC:M\/Au:N\/C:N\/I:N\/A:P", + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + }, + { + "lang": "en", + "value": "CWE-824" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2AA6CD3E-09FE-442F-A7E5-C661960ACBCD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", + "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", + "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", + "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https:\/\/github.com\/uclouvain\/openjpeg\/issues\/1368", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/lists.debian.org\/debian-lts-announce\/2022\/04\/msg00006.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7\/", + "source": "secalert@redhat.com" + }, + { + "url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV\/", + "source": "secalert@redhat.com" + }, + { + "url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4\/", + "source": "secalert@redhat.com" + }, + { + "url": 
"https:\/\/security.gentoo.org\/glsa\/202209-04", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-25929.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-25929.json index 60dbd564f3f..256c79a77e9 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-25929.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-25929.json 
@@ -1 +1,141 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:59:06.103","vulnerabilities":[{"cve":{"id":"CVE-2022-25929","sourceIdentifier":"report@snyk.io","published":"2022-12-21T05:15:11.410","lastModified":"2022-12-27T22:43:39.123","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smoothiecharts:smoothie_charts:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.31.0","versionEndExcluding":"1.36.1","matchCriteriaId":"3BE4EA19-8F32-45EB-9558-CBABCAFEDF0F"}]}]}],"references":[{"url":"https:\/\/github.com\/joewalnes\/smoot
hie\/commit\/8e0920d50da82f4b6e605d56f41b69fbb9606a98","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https:\/\/github.com\/joewalnes\/smoothie\/pull\/147","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARS-3177369","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWER-3177368","source":"report@snyk.io","tags":["Exploit"]},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JS-SMOOTHIE-3177364","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]}]}}]} \ No newline at end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2023-11-26T23:59:06.103", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2022-25929", + "sourceIdentifier": "report@snyk.io", + "published": "2022-12-21T05:15:11.410", + "lastModified": "2022-12-27T22:43:39.123", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smoothiecharts:smoothie_charts:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "1.31.0", + "versionEndExcluding": "1.36.1", + "matchCriteriaId": "3BE4EA19-8F32-45EB-9558-CBABCAFEDF0F" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https:\/\/github.com\/joewalnes\/smoothie\/commit\/8e0920d50da82f4b6e605d56f41b69fbb9606a98", + "source": "report@snyk.io", + "tags": [ + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/joewalnes\/smoothie\/pull\/147", + "source": "report@snyk.io", + "tags": [ + "Patch", + "Third Party Advisory" + ] + }, + { + "url": 
"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARS-3177369", + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWER-3177368", + "source": "report@snyk.io", + "tags": [ + "Exploit" + ] + }, + { + "url": "https:\/\/security.snyk.io\/vuln\/SNYK-JS-SMOOTHIE-3177364", + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-29194.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-29194.json index 931d90bd042..872a8eee315 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-29194.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-29194.json 
@@ -1 +1,215 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:59:07.383","vulnerabilities":[{"cve":{"id":"CVE-2022-29194","sourceIdentifier":"security-advisories@github.com","published":"2022-05-20T21:15:10.530","lastModified":"2022-06-02T12:58:23.537","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."},{"lang":"es","value":"TensorFlow es una plataforma de código abierto para el aprendizaje automático. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementación de \"tf.raw_ops.DeleteSessionTensor\" no comprueba completamente los argumentos de entrada. Esto resulta en un fallo de \"CHECK\" que puede ser usado para desencadenar un ataque de denegación de servicio. 
Las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4 contienen un parche para este problema"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L\/AC:L\/Au:N\/C:N\/I:N\/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.4","matchCriteriaId":"D9359D32-D090-44CF-AC43-2046084A28BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.
7.2","matchCriteriaId":"C4DFBF2D-5283-42F6-8800-D653BFA5CE82"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.0","versionEndExcluding":"2.8.1","matchCriteriaId":"0F9D273D-02DC-441E-AA91-EAC8DEAA4B44"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*","matchCriteriaId":"9CFB1CFC-579D-4647-A472-6DE8BE1951DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F3F3F37E-D27F-4060-830C-0AFF16150777"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.9.0:rc2:*:*:*:*:*:*","matchCriteriaId":"113B5FC0-ED39-4134-9722-A163B673E3EF"}]}]}],"references":[{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/blob\/f3b9bf4c3c0597563b289c0512e98d4ce81f886e\/tensorflow\/core\/kernels\/session_ops.cc#L128-L144","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/commit\/cff267650c6a1b266e4b4500f69fbc49cdd773c5","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.6.4","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.7.2","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.8.1","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.9.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https:\/\/github.com\/tensorflow\/tensorflow\/security\/advisories\/GHSA-h5g4-ppwx-48q2","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]} \ No newline at 
end of file +{ + "resultsPerPage": 1, + "startIndex": 0, + "totalResults": 1, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2023-11-26T23:59:07.383", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2022-29194", + "sourceIdentifier": "security-advisories@github.com", + "published": "2022-05-20T21:15:10.530", + "lastModified": "2022-06-02T12:58:23.537", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue." + }, + { + "lang": "es", + "value": "TensorFlow es una plataforma de código abierto para el aprendizaje automático. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementación de \"tf.raw_ops.DeleteSessionTensor\" no comprueba completamente los argumentos de entrada. Esto resulta en un fallo de \"CHECK\" que puede ser usado para desencadenar un ataque de denegación de servicio. 
Las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4 contienen un parche para este problema" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L\/AC:L\/Au:N\/C:N\/I:N\/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 2.1 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.4", + "matchCriteriaId": "D9359D32-D090-44CF-AC43-2046084A28BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.2", + "matchCriteriaId": "C4DFBF2D-5283-42F6-8800-D653BFA5CE82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.8.0", + "versionEndExcluding": "2.8.1", + "matchCriteriaId": "0F9D273D-02DC-441E-AA91-EAC8DEAA4B44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*", + "matchCriteriaId": "9CFB1CFC-579D-4647-A472-6DE8BE1951DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "F3F3F37E-D27F-4060-830C-0AFF16150777" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "113B5FC0-ED39-4134-9722-A163B673E3EF" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/blob\/f3b9bf4c3c0597563b289c0512e98d4ce81f886e\/tensorflow\/core\/kernels\/session_ops.cc#L128-L144", + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/commit\/cff267650c6a1b266e4b4500f69fbc49cdd773c5", + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.6.4", + "source": "security-advisories@github.com", + "tags": [ + "Release Notes", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.7.2", + "source": 
"security-advisories@github.com", + "tags": [ + "Release Notes", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.8.1", + "source": "security-advisories@github.com", + "tags": [ + "Release Notes", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/releases\/tag\/v2.9.0", + "source": "security-advisories@github.com", + "tags": [ + "Release Notes", + "Third Party Advisory" + ] + }, + { + "url": "https:\/\/github.com\/tensorflow\/tensorflow\/security\/advisories\/GHSA-h5g4-ppwx-48q2", + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-2956.json b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-2956.json index 26a607ebf56..57baecb2cc0 100644 --- a/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-2956.json +++ b/vulnfeeds/test_data/nvdcve-2.0/CVE-2022-2956.json @@ -1 +1,130 @@ -{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:59:45.960","vulnerabilities":[{"cve":{"id":"CVE-2022-2956","sourceIdentifier":"cna@vuldb.com","published":"2022-08-23T11:15:08.137","lastModified":"2023-11-07T03:47:08.353","vulnStatus":"Modified","descriptions":[{"lang":"en","value":"A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file \/Noxen-master\/users.php. The manipulation of the argument create_user_username with the input \">