diff --git a/data/anchore/2022/CVE-2022-4974.json b/data/anchore/2022/CVE-2022-4974.json index d05bea2c..c85ed7fe 100644 --- a/data/anchore/2022/CVE-2022-4974.json +++ b/data/anchore/2022/CVE-2022-4974.json @@ -451,11 +451,13 @@ { "collectionURL": "https://wordpress.org/plugins", "cpes": [ + "cpe:2.3:a:stellarwp:the_events_calendar:*:*:*:*:*:wordpress:*:*", "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*" ], "packageName": "the-events-calendar", "packageType": "wordpress-plugin", "product": "The Events Calendar", + "repo": "https://plugins.svn.wordpress.org/the-events-calendar", "vendor": "theeventscalendar", "versions": [ { diff --git a/data/anchore/2023/CVE-2023-35777.json b/data/anchore/2023/CVE-2023-35777.json index f99bed53..c7834cb3 100644 --- a/data/anchore/2023/CVE-2023-35777.json +++ b/data/anchore/2023/CVE-2023-35777.json @@ -22,6 +22,7 @@ { "collectionURL": "https://wordpress.org/plugins", "cpes": [ + "cpe:2.3:a:stellarwp:the_events_calendar:*:*:*:*:*:wordpress:*:*", "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*" ], "packageName": "the-events-calendar", diff --git a/data/anchore/2024/CVE-2024-11905.json b/data/anchore/2024/CVE-2024-11905.json new file mode 100644 index 00000000..2635c759 --- /dev/null +++ b/data/anchore/2024/CVE-2024-11905.json 
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11905",
+ "description": "The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/animated-counters/trunk/animated-counters.php#L32",
+ "https://wordpress.org/plugins/animated-counters/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/afd2f09c-4bd5-47a5-8d4f-7345aa8925f8?source=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T23:24:17.743Z",
+ "dateReserved": "2024-11-27T16:52:28.361Z",
+ "dateUpdated": "2024-12-16T23:24:17.743Z",
+ "digest": "68abb249ad312ce2ae88469152f1ae6fdfee0b2e12d88988cd254f955fb05dd9"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:eralion:animated_counters:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "animated-counters",
+ "packageType": "wordpress-plugin",
+ "product": "Animated Counters",
+ "repo": "https://plugins.svn.wordpress.org/animated-counters",
+ "vendor": "freeben",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-35230.json b/data/anchore/2024/CVE-2024-35230.json
new file mode 100644
index 00000000..89c4ecbd
--- /dev/null
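Review bot: `"versionType": "semver"` is declared for `"lessThanOrEqual": "2.0"`, which has only two components and is not a valid semantic version; the same pairing appears in CVE-2024-5333.json with `"lessThan": "6.8.2.1"` (four components). A consumer that parses bounds strictly by the declared type may reject or mis-order these values, in which case the affected range would silently fail to match. The other WordPress plugin records added in this commit use `"versionType": "custom"` for the same kind of version string, and using it here would keep the set consistent.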
+++ b/data/anchore/2024/CVE-2024-35230.json 
@@ -0,0 +1,71 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35230", + "description": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8", + "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920", + "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6" + ], + "upstream": { + "datePublished": "2024-12-16T22:18:19.896Z", + "dateReserved": "2024-05-14T15:39:41.785Z", + "dateUpdated": "2024-12-16T22:18:19.896Z", + "digest": "8929faba860c3a8d0c1115ff5a726765cf957eed759ff5f41f221fc7a0c13660" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.osgeo.org", + "cpes": [ + "cpe:2.3:a:org.geoserver.web:gs-web-core:*:*:*:*:*:maven:*:*" + ], + "packageName": "org.geoserver.web:gs-web-core", + "packageType": "maven", + "product": "gs-web-core", + "repo": "https://github.com/geoserver/geoserver", + "vendor": "geoserver", + "versions": [ + { + "lessThan": "2.26.0", + "status": "affected", + "version": "2.0.0", + "versionType": "maven" + } + ] + }, + { + "collectionURL": "https://repo.osgeo.org", + "cpes": [ + "cpe:2.3:a:org.geoserver.web:gs-web-app:*:*:*:*:*:maven:*:*" + ], + "packageName": "org.geoserver.web:gs-web-app", + "packageType": "maven", + "product": "gs-web-app", + "repo": 
"https://github.com/geoserver/geoserver", + "vendor": "geoserver", + "versions": [ + { + "lessThan": "2.24.4", + "status": "affected", + "version": "2.10.0", + "versionType": "maven" + }, + { + "lessThan": "2.25.1", + "status": "affected", + "version": "2.25.0", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-36107.json b/data/anchore/2024/CVE-2024-36107.json index 45ee5dd3..e0d6c1d4 100644 --- a/data/anchore/2024/CVE-2024-36107.json +++ b/data/anchore/2024/CVE-2024-36107.json @@ -2,6 +2,9 @@ "additionalMetadata": { "cna": "github_m", "cveId": "CVE-2024-36107", + "notes": [ + "The GitHub release fixed version is RELEASE.2024-05-27t19-17-46z, which corresponds to go module version v0.0.0-20240527191746-e0fe7cc39172" + ], "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since", @@ -25,10 +28,10 @@ "vendor": "minio", "versions": [ { - "lessThan": "RELEASE.2024-05-27t19-17-46z", + "lessThan": "v0.0.0-20240527191746-e0fe7cc39172", "status": "affected", "version": "0", - "versionType": "custom" + "versionType": "go" } ] } diff --git a/data/anchore/2024/CVE-2024-37251.json b/data/anchore/2024/CVE-2024-37251.json new file mode 100644 index 00000000..d8b29f07 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37251.json 
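Review bot: The two `affected` entries in CVE-2024-35230.json disagree on the fixed version: `gs-web-core` is affected up to `"lessThan": "2.26.0"`, while `gs-web-app` stops at `"lessThan": "2.24.4"` and `"lessThan": "2.25.1"`. The description names only 2.26.0 as the patched release, so a scanner matching `gs-web-app` at 2.25.1 or a later 2.25.x would report it as unaffected. If the 2.24.4 and 2.25.1 bounds come from backports behind the two commits in `references`, a `notes` entry saying so would make that traceable; otherwise the `gs-web-app` ranges should probably end at 2.26.0 as well. The lower bounds also differ (`2.0.0` against `2.10.0`) without explanation.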
@@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37251", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/advanced-custom-fields-pro/vulnerability/wordpress-advanced-custom-fields-pro-plugin-6-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 6.3.2 or a higher version." + ], + "upstream": { + "datePublished": "2024-12-16T15:03:38.797Z", + "dateReserved": "2024-06-04T16:46:44.985Z", + "dateUpdated": "2024-12-16T16:34:56.373Z", + "digest": "9d6bd4f38e1a9e09a31e9f3aeb04105e2e72f1f1fc1867491bf246266f1674ca" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*" + ], + "packageName": "advanced-custom-fields", + "packageType": "wordpress-plugin", + "product": "Advanced Custom Fields PRO", + "repo": "https://plugins.svn.wordpress.org/advanced-custom-fields", + "vendor": "WPENGINE, INC.", + "versions": [ + { + "lessThan": "6.3.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-4180.json b/data/anchore/2024/CVE-2024-4180.json index c6aea953..0b5fec55 100644 --- a/data/anchore/2024/CVE-2024-4180.json +++ b/data/anchore/2024/CVE-2024-4180.json @@ -18,6 +18,7 @@ "packageName": "the-events-calendar", "packageType": "wordpress-plugin", "product": "The Events Calendar", + "repo": "https://plugins.svn.wordpress.org/the-events-calendar", "versions": [ { "lessThan": "6.4.0.1", 
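Review bot: In CVE-2024-37251.json, `"packageName": "advanced-custom-fields"` and the `repo` URL use the slug of the free plugin, but the description and the Patchstack reference (`.../plugin/advanced-custom-fields-pro/...`) are about Advanced Custom Fields PRO. As written, the record would presumably match installs of the free plugin below 6.3.2 and miss sites where the plugin directory is `advanced-custom-fields-pro`. Consider `"packageName": "advanced-custom-fields-pro"`. The `collectionURL`/`repo` pair should be re-checked too, since it points at the wordpress.org directory, which may not carry the PRO build; confirm against how other PRO-only records in this dataset are modelled.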
diff --git a/data/anchore/2024/CVE-2024-5333.json b/data/anchore/2024/CVE-2024-5333.json
new file mode 100644
index 00000000..83a6f3c2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-5333.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-5333",
+ "description": "The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/764b5a23-8b51-4882-b899-beb54f684984/"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T06:00:05.897Z",
+ "dateReserved": "2024-05-24T18:27:38.074Z",
+ "dateUpdated": "2024-12-16T16:47:55.953Z",
+ "digest": "076e2a0c12a0c884db0981553eb58b7f0ac045250569c1a045284f4be6ade259"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:stellarwp:the_events_calendar:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "the-events-calendar",
+ "packageType": "wordpress-plugin",
+ "product": "The Events Calendar",
+ "repo": "https://plugins.svn.wordpress.org/the-events-calendar",
+ "versions": [
+ {
+ "lessThan": "6.8.2.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54257.json b/data/anchore/2024/CVE-2024-54257.json
new file mode 100644
index 00000000..14a24505
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54257.json
@@ -0,0 +1,45 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54257",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/theme/tydskrif/vulnerability/wordpress-tydskrif-theme-1-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T15:40:24.007Z",
+ "dateReserved": "2024-12-02T12:03:42.956Z",
+ "dateUpdated": "2024-12-16T16:31:57.921Z",
+ "digest": "e8a481e833630393f074e8ea2e622688be2b709e9bf4361a0f53d5f7af5bd3ac"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/themes",
+ "cpes": [
+ "cpe:2.3:a:ayecode:restaurant_pt:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:wpmole:tydskrif:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "tydskrif",
+ "packageType": "wordpress-theme",
+ "product": "tydskrif",
+ "repo": "https://themes.svn.wordpress.org/tydskrif",
+ "vendor": "Molefed",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.1.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54355.json b/data/anchore/2024/CVE-2024-54355.json
new file mode 100644
index 00000000..a2137d82
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54355.json
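Review bot: The first CPE, `cpe:2.3:a:ayecode:restaurant_pt:*:*:*:*:*:wordpress:*:*`, names a different vendor and product from everything else in this record (`tydskrif` by Molefed, Patchstack slug `tydskrif`). Nothing in the description or reference links Restaurant PT to this CVE, so it looks like a leftover from a CPE lookup. If it stays, CPE-based matching would flag that product for this XSS. Unless there is a known rename or fork relationship, keep only `cpe:2.3:a:wpmole:tydskrif:*:*:*:*:*:wordpress:*:*`; if there is one, record it in a `notes` entry.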
@@ -0,0 +1,47 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54355",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-17-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress WP Mailster wordpress plugin to the latest available version (at least 1.8.18.0)."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:14:13.158Z",
+ "dateReserved": "2024-12-02T12:05:27.399Z",
+ "dateUpdated": "2024-12-16T19:47:41.787Z",
+ "digest": "7c2be65435b8ced13768a5e69f08fd9f97de567b85e4f2d34584a535ac12a902"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-mailster",
+ "packageType": "wordpress-plugin",
+ "product": "WP Mailster",
+ "repo": "https://plugins.svn.wordpress.org/wp-mailster",
+ "vendor": "brandtoss",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.8.17.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54356.json b/data/anchore/2024/CVE-2024-54356.json
new file mode 100644
index 00000000..997dba0e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54356.json
@@ -0,0 +1,48 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54356",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Online Booking & Scheduling Calendar for WordPress by vcita wordpress plugin to the latest available version (at least 4.5.2)."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:14:12.526Z",
+ "dateReserved": "2024-12-02T12:05:27.399Z",
+ "dateUpdated": "2024-12-16T19:54:07.583Z",
+ "digest": "c468462a39eb15a778835c8b8b5a0c8fdbc3d6a39033d22c3055c16f4e50fa9c"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar_for_wordpress:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar_for_wordpress_by_vcita:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "meeting-scheduler-by-vcita",
+ "packageType": "wordpress-plugin",
+ "product": "Online Booking & Scheduling Calendar for WordPress by vcita",
+ "repo": "https://plugins.svn.wordpress.org/meeting-scheduler-by-vcita",
+ "vendor": "vCita.com",
+ "versions": [
+ {
+ "lessThanOrEqual": "4.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54357.json b/data/anchore/2024/CVE-2024-54357.json
new file mode 100644
index 00000000..6a379aa1
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54357.json
@@ -0,0 +1,47 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54357",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-theme-7-11-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Avada theme to the latest available version (at least 7.11.11)."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T15:57:53.232Z",
+ "dateReserved": "2024-12-02T12:05:27.399Z",
+ "dateUpdated": "2024-12-16T16:09:54.339Z",
+ "digest": "e3bc1aa98cdea32675a913bf9398764d4226b702a66a86f240368e9ec6efd82b"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/themes",
+ "cpes": [
+ "cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "avada",
+ "packageType": "wordpress-theme",
+ "product": "Avada",
+ "repo": "https://themes.svn.wordpress.org/avada",
+ "vendor": "ThemeFusion",
+ "versions": [
+ {
+ "lessThanOrEqual": "7.11.10",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54366.json b/data/anchore/2024/CVE-2024-54366.json
new file mode 100644
index 00000000..b8a02e3f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54366.json
@@ -0,0 +1,47 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54366",
+ "description": "Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/vimeography/vulnerability/wordpress-vimeography-plugin-2-4-4-full-path-disclosure-fpd-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Vimeography plugin to the latest available version (at least 2.4.5)."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:13:36.049Z",
+ "dateReserved": "2024-12-02T12:05:34.988Z",
+ "dateUpdated": "2024-12-16T16:40:37.643Z",
+ "digest": "18919fa4c9dcc05dad2bd9a89123ffce1a15294603e71e2bcbd73154e3e38845"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:davekiss:vimeography:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "vimeography",
+ "packageType": "wordpress-plugin",
+ "product": "Vimeography",
+ "repo": "https://plugins.svn.wordpress.org/vimeography",
+ "vendor": "Dave Kiss",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.4.4",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54376.json b/data/anchore/2024/CVE-2024-54376.json
new file mode 100644
index 00000000..f31e4d11
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54376.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54376",
+ "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/eazydocs/vulnerability/wordpress-eazydocs-plugin-2-5-4-local-file-inclusion-vulnerability?_s_id=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T15:57:06.433Z",
+ "dateReserved": "2024-12-02T12:05:43.082Z",
+ "dateUpdated": "2024-12-16T16:11:00.993Z",
+ "digest": "b6bcb4f9d2ac05e668977b5c606df5843491f1de09ede052e081816012d2e29c"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "eazydocs",
+ "packageType": "wordpress-plugin",
+ "product": "EazyDocs",
+ "repo": "https://plugins.svn.wordpress.org/eazydocs",
+ "vendor": "Spider-themes",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.5.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54382.json b/data/anchore/2024/CVE-2024-54382.json
new file mode 100644
index 00000000..73680e62
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54382.json
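Review bot: The upper bound `"lessThanOrEqual": "2.5.5"` follows the description ("through 2.5.5"), but the Patchstack reference slug reads `wordpress-eazydocs-plugin-2-5-4-local-file-inclusion-vulnerability`, which suggests 2.5.4 may be the last affected release. If 2.5.5 is in fact the fixed version, this range would flag patched installs. The record has no `solutions` entry to settle it, so a `notes` line stating which source the bound was taken from, and why, would help the next reviewer.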
@@ -0,0 +1,47 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54382",
+ "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-plugin-5-1-5-path-traversal-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Bold Page Builder plugin to the latest available version (at least 5.1.6)."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:31:28.622Z",
+ "dateReserved": "2024-12-02T12:05:43.083Z",
+ "dateUpdated": "2024-12-16T19:42:50.961Z",
+ "digest": "622bacfd80b30d71648cfe594b80d7229394307c58f66ee49c6fc8a3bc2fbab5"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:bold-themes:bold_page_builder:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "bold-page-builder",
+ "packageType": "wordpress-plugin",
+ "product": "Bold Page Builder",
+ "repo": "https://plugins.svn.wordpress.org/bold-page-builder",
+ "vendor": "BoldThemes",
+ "versions": [
+ {
+ "lessThanOrEqual": "5.1.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54385.json b/data/anchore/2024/CVE-2024-54385.json
new file mode 100644
index 00000000..399b5c7f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54385.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54385",
+ "description": "Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/radio-player/vulnerability/wordpress-radio-player-plugin-2-0-82-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:31:28.041Z",
+ "dateReserved": "2024-12-02T12:05:53.484Z",
+ "dateUpdated": "2024-12-16T16:37:41.783Z",
+ "digest": "15f04b585e148f3d46fea747c1546e74c8a33436143cfbf05de755cda73b8163"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:softlabbd:radio_player:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "radio-player",
+ "packageType": "wordpress-plugin",
+ "product": "Radio Player",
+ "repo": "https://plugins.svn.wordpress.org/radio-player",
+ "vendor": "SoftLab",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0.82",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54398.json b/data/anchore/2024/CVE-2024-54398.json
new file mode 100644
index 00000000..168d8a86
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54398.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54398",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/flaming-forms/vulnerability/wordpress-flaming-forms-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:14:02.930Z",
+ "dateReserved": "2024-12-02T12:06:03.420Z",
+ "dateUpdated": "2024-12-16T19:58:45.579Z",
+ "digest": "5c7f7370abdfe040572982947ba955409fb7c1c444291f5b9e3781d8b854996a"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:projectcaruso:flaming_forms:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "flaming-forms",
+ "packageType": "wordpress-plugin",
+ "product": "Flaming Forms",
+ "repo": "https://plugins.svn.wordpress.org/flaming-forms",
+ "vendor": "Project Caruso",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.0.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54430.json b/data/anchore/2024/CVE-2024-54430.json
new file mode 100644
index 00000000..d17675b9
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54430.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54430",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through 4.8.2.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:13:46.585Z",
+ "dateReserved": "2024-12-02T12:06:31.386Z",
+ "dateUpdated": "2024-12-16T20:02:53.214Z",
+ "digest": "a3c4431d2f45643373e35b1dfed7952012ba6fd932d63721884521e8df2f75c0"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:eelv_newsletter_project:eelv_newsletter:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "eelv-newsletter",
+ "packageType": "wordpress-plugin",
+ "product": "EELV Newsletter",
+ "repo": "https://plugins.svn.wordpress.org/eelv-newsletter",
+ "vendor": "Bastien Ho",
+ "versions": [
+ {
+ "lessThanOrEqual": "4.8.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-55949.json b/data/anchore/2024/CVE-2024-55949.json
new file mode 100644
index 00000000..0839fe5d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-55949.json
@@ -0,0 +1,51 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-55949",
+ "description": "MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately.",
+ "notes": [
+ "The GitHub release fixed version is RELEASE.2024-12-13t22-19-12z, which corresponds to go module version v0.0.0-20241213221912-68b004a48f41",
+ "The GitHub release beginning affected version is RELEASE.2022-06-25T15-50-16Z which corresponds to go module version v0.0.0-20220623162515-580d9db85e04"
+ ],
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f",
+ "https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427",
+ "https://github.com/minio/minio/pull/20756",
+ "https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T20:02:00.856Z",
+ "dateReserved": "2024-12-13T17:39:32.960Z",
+ "dateUpdated": "2024-12-16T20:18:46.452Z",
+ "digest": "f9ce0449d555db1dc30b8e6aa15353cc74b9c85e6d7599c2c8ede357537c37d3"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pkg.go.dev",
+ "cpes": [
+ "cpe:2.3:a:minio:minio:*:*:*:*:*:go:*:*"
+ ],
+ "packageName": "github.com/minio/minio",
+ "packageType": "go-module",
+ "product": "minio",
+ "repo": "https://github.com/minio/minio",
+ "vendor": "minio",
+ "versions": [
+ {
+ "lessThan": "v0.0.0-20241213221912-68b004a48f41",
+ "status": "affected",
+ "version": "v0.0.0-20220623162515-580d9db85e04",
+ "versionType": "go"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-55951.json b/data/anchore/2024/CVE-2024-55951.json
new file mode 100644
index 00000000..eff22941
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-55951.json
@@ -0,0 +1,45 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-55951",
+ "description": "Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://downloads.metabase.com/v0.52.2.5/metabase.jar",
+ "https://github.com/metabase/metabase/security/advisories/GHSA-rhjf-q2qw-rvx3",
+ "https://hub.docker.com/r/metabase/metabase/tags"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T20:03:54.861Z",
+ "dateReserved": "2024-12-13T17:47:38.371Z",
+ "dateUpdated": "2024-12-16T20:03:54.861Z",
+ "digest": "3bfb00134789381795919a8000bedff9e0c053c532717048f55d75cda92e98d2"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://github.com",
+ "cpes": [
+ "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*"
+ ],
+ "packageName": "metabase/metabase",
+ "product": "metabase",
+ "repo": "https://github.com/metabase/metabase",
+ "vendor": "metabase",
+ "versions": [
+ {
+ "lessThan": "1.52.2.5",
+ "status": "affected",
+ "version": "1.52.0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
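Review bot: The second `notes` entry in CVE-2024-55949.json says RELEASE.2022-06-25T15-50-16Z "corresponds to" `v0.0.0-20220623162515-580d9db85e04`, but that pseudo-version carries the date (2022-06-23) and hash prefix of the introducing commit `580d9db85e04` named in the description, not of the release. The lower bound itself looks reasonable because it starts at that commit. The note would be clearer as `"First affected commit is 580d9db85e04 (go module version v0.0.0-20220623162515-580d9db85e04), first shipped in RELEASE.2022-06-25T15-50-16Z"`. The first note also writes the tag in lower case (`RELEASE.2024-12-13t22-19-12z`) while the description uses `RELEASE.2024-12-13T22-19-12Z`. This hunk starts on the previous line of the page.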
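Review bot: The only range in CVE-2024-55951.json is `"version": "1.52.0"` to `"lessThan": "1.52.2.5"`, which is the numbering the description uses, but the first reference is `https://downloads.metabase.com/v0.52.2.5/metabase.jar`, a `0.52.x` build. If the fix ships under both numbering schemes, installs reporting 0.52.0 through 0.52.2.4 would not match this record and would be treated as unaffected. Consider a second `versions` entry with `"version": "0.52.0"` and `"lessThan": "0.52.2.5"`, after confirming the affected builds against the GHSA advisory listed in `references`.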
diff --git a/data/anchore/2024/CVE-2024-55996.json b/data/anchore/2024/CVE-2024-55996.json
new file mode 100644
index 00000000..5618f48d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-55996.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-55996",
+ "description": "Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/woocommerce-product-payments/vulnerability/wordpress-payment-gateway-per-product-for-woocommerce-plugin-3-5-6-broken-access-control-vulnerability?_s_id=cve"
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T14:31:15.671Z",
+ "dateReserved": "2024-12-14T19:42:01.725Z",
+ "dateUpdated": "2024-12-16T19:44:17.987Z",
+ "digest": "69969910aeba894a2afbd41098228905b0db2c08e8549d91067a9923d373994f"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:dreamfoxmedia:payment_gateway_per_product_for_woocommerce:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "woocommerce-product-payments",
+ "packageType": "wordpress-plugin",
+ "product": "Dreamfox Media Payment gateway per Product for Woocommerce",
+ "repo": "https://plugins.svn.wordpress.org/woocommerce-product-payments",
+ "vendor": "Dreamfox",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.5.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-6931.json b/data/anchore/2024/CVE-2024-6931.json
index ed43ccd3..c407fe96 100644
--- a/data/anchore/2024/CVE-2024-6931.json +++ b/data/anchore/2024/CVE-2024-6931.json @@ -21,6 +21,7 @@ "packageName": "the-events-calendar", "packageType": "wordpress-plugin", "product": "The Events Calendar", + "repo": "https://plugins.svn.wordpress.org/the-events-calendar", "vendor": "theeventscalendar", "versions": [ { diff --git a/data/anchore/2024/CVE-2024-8116.json b/data/anchore/2024/CVE-2024-8116.json new file mode 100644 index 00000000..99463444 --- /dev/null +++ b/data/anchore/2024/CVE-2024-8116.json 
@@ -0,0 +1,195 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-8116",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/480509",
+ "https://hackerone.com/reports/2666216"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.6.2, 17.5.4, 17.4.6 or above."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T04:31:08.730Z",
+ "dateReserved": "2024-08-23T13:02:09.237Z",
+ "dateUpdated": "2024-12-16T16:44:50.250Z",
+ "digest": "b49cd30146fea97c7f0369769ed75e37084e21b86c5874dc829c329dc9bc2a1e"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "16.9",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "16.9",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL":
"https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "16.9",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "16.9",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "16.9",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "16.9",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan":
"17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8275.json b/data/anchore/2024/CVE-2024-8275.json
index 17700630..11a1214e 100644
--- a/data/anchore/2024/CVE-2024-8275.json
+++ b/data/anchore/2024/CVE-2024-8275.json
@@ -22,6 +22,7 @@
 "packageName": "the-events-calendar",
 "packageType": "wordpress-plugin",
 "product": "The Events Calendar",
+ "repo": "https://plugins.svn.wordpress.org/the-events-calendar",
 "vendor": "theeventscalendar",
 "versions": [
 {
diff --git a/data/anchore/2024/CVE-2024-8650.json b/data/anchore/2024/CVE-2024-8650.json
new file mode 100644
index 00000000..9f711759
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-8650.json
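Review bot: The `repo` value `git://git@gitlab.com:gitlab-org/gitlab.git` in the new CVE-2024-8116 record mixes the `git://` scheme with scp-style `user@host:path` syntax, so a strict URL parser will read `gitlab-org` as a port and reject or mis-resolve it. It appears on the first `affected` entry and on both `gitlab-ce` package entries, and the same value is repeated in the CVE-2024-8650 record added later in this diff. The record's own references already use the HTTPS form of the project, so `"repo": "https://gitlab.com/gitlab-org/gitlab"` would be consistent and resolvable by tooling that follows the field to look up tags or fix commits. The ranges also declare `"versionType": "semver"` with two-part lower bounds such as `"16.9"`, which a strict semver comparator may refuse; `"16.9.0"` would avoid that, assuming consumers do not already normalise it.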
@@ -0,0 +1,195 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-8650",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/486300",
+ "https://hackerone.com/reports/2705909"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.6.2, 17.5.4, 17.4.6 or above."
+ ],
+ "upstream": {
+ "datePublished": "2024-12-16T04:30:58.662Z",
+ "dateReserved": "2024-09-10T12:02:07.088Z",
+ "dateUpdated": "2024-12-16T16:45:13.671Z",
+ "digest": "e064384605a75333d623b0678a0c74e1b6c63e806052cd14638874bb757106b0"
+ }
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "15.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "15.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL":
"https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "15.0",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "15.0",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "15.0",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.4.6",
+ "status": "affected",
+ "version": "15.0",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan":
"17.5.4",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.6.2",
+ "status": "affected",
+ "version": "17.6",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file