diff --git a/data/anchore/2023/CVE-2023-42821.json b/data/anchore/2023/CVE-2023-42821.json
new file mode 100644
index 00000000..081d2c44
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-42821.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2023-42821",
+ "description": "The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.",
+ "reason": "Add fix versions",
+ "references": [
+ "https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69",
+ "https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940",
+ "https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pkg.go.dev",
+ "cpes": [
+ "cpe:2.3:a:gomarkdown:markdown:*:*:*:*:*:go:*:*"
+ ],
+ "packageName": "github.com/gomarkdown/markdown",
+ "packageType": "go-module",
+ "product": "markdown",
+ "repo": "https://github.com/gomarkdown/markdown",
+ "vendor": "gomarkdown",
+ "versions": [
+ {
+ "lessThan": "0.0.0-20230922105210-14b16010c2ee",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
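Review bot: The range in `versions[0]` pairs `"version": "0"` with `"lessThan": "0.0.0-20230922105210-14b16010c2ee"` under `"versionType": "semver"`, and under strict SemVer precedence that pseudo-version is a pre-release of 0.0.0 and therefore sorts below 0.0.0. If a consumer normalises the lower bound `0` to `0.0.0`, the range is empty and builds pinned to an older pseudo-version would not match, which is a false negative for this denial-of-service issue. Whether that happens depends on the matcher, which is not visible here, so it is worth confirming with a test on a pseudo-version older than the fix that `0` is treated as "no lower bound". The file also ends without a trailing newline.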