github_m 2024-06-05

Signed-off-by: Weston Steimel <[email protected]>
anchore · Jun 5, 2024 · 6835e0e · 6835e0e
1 parent f92ffe4
commit 6835e0e
Show file tree

Hide file tree

Showing 13 changed files with 647 additions and 3 deletions.
diff --git a/data/anchore/2024/CVE-2024-23326.json b/data/anchore/2024/CVE-2024-23326.json
@@ -0,0 +1,54 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-23326",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "envoyproxy/envoy",
+        "product": "envoy",
+        "repo": "https://github.com/envoyproxy/envoy",
+        "vendor": "envoyproxy",
+        "versions": [
+          {
+            "lessThan": "1.30.2",
+            "status": "affected",
+            "version": "1.30.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "1.29.5",
+            "status": "affected",
+            "version": "1.29.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "1.28.4",
+            "status": "affected",
+            "version": "1.28.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "1.27.6",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-26142.json b/data/anchore/2024/CVE-2024-26142.json
@@ -16,10 +16,30 @@
       {
         "collectionURL": "https://rubygems.org",
         "cpes": [
-          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*"
+          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:ruby:*:*"
         ],
         "packageName": "rails",
         "product": "rails",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "7.1.3.1",
+            "status": "affected",
+            "version": "7.1.0",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:actionpack_project:actionpack:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "actionpack",
+        "product": "actionpack",
         "vendor": "rails",
         "versions": [
           {

diff --git a/data/anchore/2024/CVE-2024-26143.json b/data/anchore/2024/CVE-2024-26143.json
@@ -16,10 +16,37 @@
       {
         "collectionURL": "https://rubygems.org",
         "cpes": [
-          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*"
+          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:ruby:*:*"
         ],
         "packageName": "rails",
         "product": "rails",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "7.0.8.1",
+            "status": "affected",
+            "version": "7.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.1.3.1",
+            "status": "affected",
+            "version": "7.1.0",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:actionpack_project:actionpack:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "actionpack",
+        "product": "actionpack",
+        "repo": "https://github.com/rails/rails",
         "vendor": "rails",
         "versions": [
           {

diff --git a/data/anchore/2024/CVE-2024-26144.json b/data/anchore/2024/CVE-2024-26144.json
@@ -16,10 +16,36 @@
       {
         "collectionURL": "https://rubygems.org",
         "cpes": [
-          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*"
+          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:ruby:*:*"
         ],
         "packageName": "rails",
         "product": "rails",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "6.1.7.7",
+            "status": "affected",
+            "version": "5.2.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.0.8.1",
+            "status": "affected",
+            "version": "7.0.0",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:rubyonrails:activestorage:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "activestorage",
+        "product": "activestorage",
+        "repo": "https://github.com/rails/rails",
         "vendor": "rails",
         "versions": [
           {

diff --git a/data/anchore/2024/CVE-2024-28103.json b/data/anchore/2024/CVE-2024-28103.json
@@ -0,0 +1,93 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-28103",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523",
+      "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "rails",
+        "product": "rails",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "6.1.7.8",
+            "status": "affected",
+            "version": "6.1.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.0.8.4",
+            "status": "affected",
+            "version": "7.0.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.1.3.4",
+            "status": "affected",
+            "version": "7.1.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.2.0.beta2",
+            "status": "affected",
+            "version": "7.2.0.beta1",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:actionpack_project:actionpack:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "actionpack",
+        "product": "actionpack",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "6.1.7.8",
+            "status": "affected",
+            "version": "6.1.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.0.8.4",
+            "status": "affected",
+            "version": "7.0.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.1.3.4",
+            "status": "affected",
+            "version": "7.1.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.2.0.beta2",
+            "status": "affected",
+            "version": "7.2.0.beta1",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-32464.json b/data/anchore/2024/CVE-2024-32464.json
@@ -0,0 +1,68 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-32464",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995",
+      "https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*",
+          "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "rails",
+        "product": "rails",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "7.1.3.4",
+            "status": "affected",
+            "version": "7.1.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.2.0.beta2",
+            "status": "affected",
+            "version": "7.2.0.beta1",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "collectionURL": "https://rubygems.org",
+        "cpes": [
+          "cpe:2.3:a:rubyonrails:actiontext:*:*:*:*:*:ruby:*:*"
+        ],
+        "packageName": "actiontext",
+        "product": "rails",
+        "repo": "https://github.com/rails/rails",
+        "vendor": "rails",
+        "versions": [
+          {
+            "lessThan": "7.1.3.4",
+            "status": "affected",
+            "version": "7.1.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "7.2.0.beta2",
+            "status": "affected",
+            "version": "7.2.0.beta1",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-32871.json b/data/anchore/2024/CVE-2024-32871.json
@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-32871",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaaba06",
+      "https://github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bd85",
+      "https://github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwx"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://packagist.org",
+        "cpes": [
+          "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "pimcore/pimcore",
+        "product": "pimcore",
+        "repo": "https://github.com/pimcore/pimcore",
+        "vendor": "pimcore",
+        "versions": [
+          {
+            "lessThan": "11.2.4",
+            "status": "affected",
+            "version": "11.0.0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}