From a721fde341b4dfb4ed9e079aae3933938d2f39f0 Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Wed, 29 May 2024 16:53:26 +0100
Subject: [PATCH] enrich CVE-2024-20923 for openjfx
Signed-off-by: Weston Steimel
---
data/anchore/2024/CVE-2024-20923.json | 129 ++++++++++++++++++++++++++
1 file changed, 129 insertions(+)
create mode 100644 data/anchore/2024/CVE-2024-20923.json
diff --git a/data/anchore/2024/CVE-2024-20923.json b/data/anchore/2024/CVE-2024-20923.json
new file mode 100644
index 00000000..758aa5b0
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-20923.json
@@ -0,0 +1,129 @@
+{
+ "additionalMetadata": {
+ "cna": "oracle",
+ "cveId": "CVE-2024-20923",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.oracle.com/security-alerts/cpujan2024.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:oracle:graalvm_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GraalVM Enterprise",
+ "vendor": "Oracle Corporation",
+ "versions": [
+ {
+ "lessThanOrEqual": "20.3.12",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "21.3.8",
+ "status": "affected",
+ "version": "21-ea",
+ "versionType": "custom"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GraalVM for JDK",
+ "vendor": "Oracle Corporation",
+ "versions": [
+ {
+ "lessThanOrEqual": "17.0.9",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "21.0.1",
+ "status": "affected",
+ "version": "18-ea",
+ "versionType": "custom"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Java SE",
+ "vendor": "Oracle Corporation",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.8.0_391",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "8.0.391",
+ "status": "affected",
+ "version": "1.9-ea",
+ "versionType": "custom"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.openjfx:javafx-graphics",
+ "cpes": [
+ "cpe:2.3:a:oracle:openjfx:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:openjdk:jfx:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:org.openjfx:javafx-graphics:*:*:*:*:*:*:*:*"
+ ],
+ "repo": "https://github.com/openjdk/jfx",
+ "product": "OpenJFX",
+ "vendor": "Oracle Corporation",
+ "versions": [
+ {
+ "lessThan": "17.0.10",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "21.0.2",
+ "status": "affected",
+ "version": "18-ea",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22-ea+27",
+ "status": "affected",
+ "version": "22-ea",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://openjdk.org/groups/vulnerability/advisories/2024-01-16"
+ },
+ {
+ "url": "https://github.com/openjdk/jfx17u/commit/18206453163dec04f36f8787ce73624bb9ba6a7d"
+ },
+ {
+ "url": "https://github.com/openjdk/jfx21u/commit/0c00753da13ed696b1a5025ce01ff478ee7ebd0a"
+ },
+ {
+ "url": "https://github.com/openjdk/jfx/commit/0a52a4cf1d1226e7a3c6d73313fde02e7f36fb11"
+ }
+ ]
+ }
+}
\ No newline at end of file
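Review bot: The last OpenJFX range declares `"versionType": "semver"` but is bounded by `"version": "22-ea"` and `"lessThan": "22-ea+27"`; under SemVer precedence everything after `+` is build metadata and is ignored, so a matcher that compares strictly may see both bounds as equal and treat the range as empty, leaving the 22-ea builds before +27 unflagged. The other bounds in this entry (`"0"`, `"18-ea"`) are not three-part SemVer strings either, so how they sort depends on how lenient the consumer's parser is. Consider a version type whose ordering actually covers these strings, for example `"versionType": "maven"` since the entry already names a Maven package, or `"custom"` as in the three Oracle entries above, and confirm how the matcher orders `ea+N` builds. As a style point, the OpenJFX object places `collectionURL` and `packageName` before `cpes` and `repo` before `product`, while the other entries keep keys alphabetical, and the file ends without a trailing newline.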