enrich CVE-2024-21890 for nodejs

Signed-off-by: Weston Steimel <[email protected]>
anchore · May 30, 2024 · 3b27da0 · 3b27da0
1 parent 8217e51
commit 3b27da0
Showing 1 changed file with 49 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-21890.json b/data/anchore/2024/CVE-2024-21890.json
@@ -0,0 +1,49 @@
+{
+  "additionalMetadata": {
+    "cna": "hackerone",
+    "cveId": "CVE-2024-21890",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "http://www.openwall.com/lists/oss-security/2024/03/11/1",
+      "https://hackerone.com/reports/2257156",
+      "https://security.netapp.com/advisory/ntap-20240315-0002/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Node.js",
+        "vendor": "Node.js",
+        "versions": [
+          {
+            "lessThan": "21.6.2",
+            "status": "affected",
+            "version": "21",
+            "versionType": "semver"
+          },
+          {
+            "lessThan": "20.11.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://github.com/nodejs/node/releases/tag/v20.11.1"
+      },
+      {
+        "url": "https://github.com/nodejs/node/releases/tag/v21.6.2"
+      }
+    ]
+  }
+}