add fluentbit info for CVE-2024-23722

Signed-off-by: Weston Steimel <[email protected]>
anchore · May 28, 2024 · 72541a2 · 72541a2
1 parent b6e0859
commit 72541a2
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-23722.json b/data/anchore/2024/CVE-2024-23722.json
@@ -0,0 +1,35 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-23722",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/fluent/fluent-bit/compare/v2.2.1...v2.2.2",
+      "https://medium.com/%40adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Fluent Bit",
+        "repo": "https://github.com/fluent/fluent-bit",
+        "vendor": "Fluent Bit",
+        "versions": [
+          {
+            "lessThan": "2.2.2",
+            "status": "affected",
+            "version": "2.1.8",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}