enrich several submissions via MITRE
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed May 31, 2024
1 parent b91e140 commit 2a83b0f
Showing 6 changed files with 297 additions and 0 deletions.
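--- a/data/anchore/2024/CVE-2024-22871.json
+++ b/data/anchore/2024/CVE-2024-22871.json
@@ -0,0 +1,54 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-22871",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://hackmd.io/%40fe1w0/rymmJGida",
+"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/",
+"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/",
+"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/"
+]
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://repo.maven.apache.org/maven2",
+"cpes": [
+"cpe:2.3:a:clojure:clojure:*:*:*:*:*:*:*:*",
+"cpe:2.3:a:org.clojure:clojure:*:*:*:*:*:maven:*:*"
+],
+"packageName": "org.clojure:clojure",
+"product": "clojure",
+"repo": "https://github.com/clojure/clojure",
+"vendor": "clojure",
+"versions": [
+{
+"lessThan": "1.11.2",
+"status": "affected",
+"version": "1.7.0",
+"versionType": "maven"
+},
+{
+"lessThan": "1.12.0-alpha9",
+"status": "affected",
+"version": "1.12.0-alpha1",
+"versionType": "maven"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/clojure/clojure/blob/c07c39cac49a91f6031fe05c2eb7a257aa089176/changes.md?plain=1#L7C33-L9"
+},
+{
+"url": "https://github.com/advisories/GHSA-vr64-r9qj-h27f"
+}
+]
+}
+}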
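--- a/data/anchore/2024/CVE-2024-27280.json
+++ b/data/anchore/2024/CVE-2024-27280.json
@@ -0,0 +1,48 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-27280",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://hackerone.com/reports/1399856",
+"https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/"
+]
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://rubygems.org",
+"cpes": [
+"cpe:2.3:a:ruby-lang:stringio:*:*:*:*:*:*:*:*"
+],
+"packageName": "stringio",
+"product": "stringio",
+"repo": "https://github.com/ruby/stringio",
+"vendor": "ruby",
+"versions": [
+{
+"lessThan": "3.0.1.1",
+"version": "0",
+"status": "affected",
+"versionType": "custom"
+},
+{
+"lessThan": "3.0.3",
+"status": "affected",
+"version": "3.0.2.pre1",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/advisories/GHSA-v5h6-c2hv-hv3r"
+}
+]
+}
+}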
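Review bot: Both `stringio` ranges declare `"versionType": "custom"`, which gives consumers no defined ordering for the four-segment and prerelease bounds `3.0.1.1` and `3.0.2.pre1`. A matcher that falls back to string or semver comparison may place releases on the wrong side of a bound and under- or over-report this CVE. The Clojure record in this commit names its ecosystem with `"versionType": "maven"`; if the repository's schema and tooling accept a RubyGems-specific type, it would make the comparison rules explicit here. The same applies to the `rdoc` ranges in CVE-2024-27281.json.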
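--- a/data/anchore/2024/CVE-2024-27281.json
+++ b/data/anchore/2024/CVE-2024-27281.json
@@ -0,0 +1,60 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-27281",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://hackerone.com/reports/1187477",
+"https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/"
+]
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://rubygems.org",
+"cpes": [
+"cpe:2.3:a:ruby-lang:rdoc:*:*:*:*:*:*:*:*"
+],
+"packageName": "rdoc",
+"product": "rdoc",
+"repo": "https://github.com/ruby/rdoc",
+"vendor": "ruby",
+"versions": [
+{
+"lessThan": "6.3.4.1",
+"version": "0",
+"status": "affected",
+"versionType": "custom"
+},
+{
+"lessThan": "6.4.1.1",
+"status": "affected",
+"version": "6.4.0",
+"versionType": "custom"
+},
+{
+"lessThan": "6.5.1.1",
+"status": "affected",
+"version": "6.5.0",
+"versionType": "custom"
+},
+{
+"lessThan": "6.6.3.1",
+"status": "affected",
+"version": "6.6.0",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/advisories/GHSA-592j-995h-p23j"
+}
+]
+}
+}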
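Review bot: The first entry of `versions` orders its keys `lessThan`, `version`, `status`, `versionType`, while the other three entries use the alphabetical order `lessThan`, `status`, `version`, `versionType` that the Clojure and libexpat records also follow. Key order carries no meaning in JSON, but one sorted order across the data set keeps later diffs of these records limited to real changes; reorder the first entry so `"status": "affected",` comes before `"version": "0",`. CVE-2024-27280.json has the same mix in its first entry, and CVE-2024-27282.json and CVE-2024-34459.json use the non-alphabetical order throughout.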
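--- a/data/anchore/2024/CVE-2024-27282.json
+++ b/data/anchore/2024/CVE-2024-27282.json
@@ -0,0 +1,53 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-27282",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://hackerone.com/reports/2122624",
+"https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/"
+]
+},
+"adp": {
+"affected": [
+{
+"cpes": [
+"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"
+],
+"product": "ruby",
+"repo": "https://github.com/ruby/ruby",
+"vendor": "ruby",
+"versions": [
+{
+"lessThan": "3.0.7",
+"version": "0",
+"status": "affected",
+"versionType": "custom"
+},
+{
+"lessThan": "3.1.5",
+"version": "3.1.0",
+"status": "affected",
+"versionType": "custom"
+},
+{
+"lessThan": "3.2.4",
+"version": "3.2.0",
+"status": "affected",
+"versionType": "custom"
+},
+{
+"lessThan": "3.3.1",
+"version": "3.3.0",
+"status": "affected",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}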
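--- a/data/anchore/2024/CVE-2024-28757.json
+++ b/data/anchore/2024/CVE-2024-28757.json
@@ -0,0 +1,40 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-28757",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"http://www.openwall.com/lists/oss-security/2024/03/15/1",
+"https://github.com/libexpat/libexpat/issues/839",
+"https://github.com/libexpat/libexpat/pull/842",
+"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/",
+"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/",
+"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/",
+"https://security.netapp.com/advisory/ntap-20240322-0001/"
+]
+},
+"adp": {
+"affected": [
+{
+"cpes": [
+"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"
+],
+"product": "libexpat",
+"repo": "https://github.com/libexpat/libexpat",
+"vendor": "libexpat",
+"versions": [
+{
+"lessThan": "2.6.2",
+"status": "affected",
+"version": "0",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}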
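--- a/data/anchore/2024/CVE-2024-34459.json
+++ b/data/anchore/2024/CVE-2024-34459.json
@@ -0,0 +1,42 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-34459",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
+"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8",
+"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7"
+]
+},
+"adp": {
+"affected": [
+{
+"cpes": [
+"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"
+],
+"product": "libxml2",
+"repo": "https://gitlab.gnome.org/GNOME/libxml2",
+"vendor": "xmlsoft",
+"versions": [
+{
+"lessThan": "2.11.8",
+"version": "0",
+"status": "affected",
+"versionType": "custom"
+},
+{
+"lessThan": "2.12.7",
+"version": "2.12",
+"status": "affected",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}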
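Review bot: The second range starts at `"version": "2.12"`, while its upper bound and the other lower bounds in this commit are written with all segments (`2.12.7`, `3.1.0`, `6.4.0`). With `"versionType": "custom"` nothing defines `2.12` as equal to `2.12.0`, so a consumer comparing segment-wise or as strings may place `2.12.0` below the range start and fail to report an affected release. Writing `"version": "2.12.0"` removes the ambiguity, assuming 2.12.0 is the first release of that line.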
