From 92a5ff7ab1af2efb16ae22ffa27899b46ba61514 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Mon, 3 Jun 2024 09:20:30 +0100 Subject: [PATCH] enrich CVE-2024-35196 for sentry Signed-off-by: Weston Steimel --- data/anchore/2024/CVE-2024-35196.json | 42 +++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 data/anchore/2024/CVE-2024-35196.json diff --git a/data/anchore/2024/CVE-2024-35196.json b/data/anchore/2024/CVE-2024-35196.json new file mode 100644 index 00000000..f08d49e7 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35196.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35196", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://api.slack.com/authentication/verifying-requests-from-slack#app-management-updates", + "https://api.slack.com/authentication/verifying-requests-from-slack#deprecation", + "https://api.slack.com/authentication/verifying-requests-from-slack#regenerating", + "https://develop.sentry.dev/integrations/slack", + "https://github.com/getsentry/sentry/blob/17d2b87e39ccd57e11da4deed62971ff306253d1/src/sentry/conf/server.py#L1307", + "https://github.com/getsentry/sentry/pull/70508", + "https://github.com/getsentry/sentry/security/advisories/GHSA-c2g2-gx4j-rj3j" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*" + ], + "packageName": "getsentry/sentry", + "product": "sentry", + "repo": "https://github.com/getsentry/sentry", + "vendor": "getsentry", + "versions": [ + { + "lessThan": "24.5.0", + "status": "affected", + "version": "24.3.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file