
Commit 4ee7a90

committed
"-Synchronized-Data."
1 parent 783c6eb commit 4ee7a90

11 files changed

+564
-31
lines changed

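--- a/2017/12xxx/CVE-2017-12613.json
+++ b/2017/12xxx/CVE-2017-12613.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
 "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3Ccommits.apr.apache.org%3E"
+},
+{
+"refsource": "MLIST",
+"name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
+"url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3Ccommits.apr.apache.org%3E"
 }
 ]
 }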

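--- a/2021/21xxx/CVE-2021-21823.json
+++ b/2021/21xxx/CVE-2021-21823.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-21823",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Komoot",
+"version": {
+"version_data": [
+{
+"version_value": "Komoot GmbH Komoot 10.26.9 , Komoot GmbH Komoot 11.0.14 ,Komoot GmbH Komoot 11.1.11"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "privacy violation"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1288",
+"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1288"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information."
 }
 ]
 }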
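Review bot: The new `affects` block cannot be matched by automated tooling: `vendor_name` is `"n/a"` even though the vendor (Komoot GmbH) is spelled out inside `version_value`, and that one string packs three versions together with uneven comma spacing. The description gives a range ("version 10.26.9 up to 11.1.11") while the version data lists three discrete builds, so a consumer cannot tell whether releases in between are affected. I would set `"vendor_name": "Komoot GmbH"` and give each version its own `version_data` entry, for example `{ "version_value": "10.26.9" }`. The `problemtype` value `"privacy violation"` is free text; a CWE identifier taken from the referenced Talos report would let consumers classify the record.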

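--- a/2021/22xxx/CVE-2021-22238.json
+++ b/2021/22xxx/CVE-2021-22238.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22238",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "GitLab",
+"product": {
+"product_data": [
+{
+"product_name": "GitLab",
+"version": {
+"version_data": [
+{
+"version_value": ">=14.1, <14.1.2"
+},
+{
+"version_value": ">=14.0, <14.0.7"
+},
+{
+"version_value": ">13.3, <13.12.9"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"name": "https://hackerone.com/reports/1212067",
+"url": "https://hackerone.com/reports/1212067",
+"refsource": "MISC"
+},
+{
+"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/332420",
+"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/332420",
+"refsource": "MISC"
+},
+{
+"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22238.json",
+"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22238.json",
+"refsource": "CONFIRM"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues."
 }
 ]
-}
+},
+"impact": {
+"cvss": {
+"vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "NONE",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"privilegesRequired": "LOW",
+"scope": "CHANGED",
+"userInteraction": "REQUIRED",
+"version": "3.1",
+"baseScore": 6.8,
+"baseSeverity": "MEDIUM"
+}
+},
+"credit": [
+{
+"lang": "eng",
+"value": "Thanks [vakzz](https://hackerone.com/vakzz) for reporting this vulnerability through our HackerOne bug bounty program"
+}
+]
 }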
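Review bot: The third `version_data` entry, `">13.3, <13.12.9"`, has an exclusive lower bound, but the description says the issue affects "all versions starting with 13.3". The other two entries use `>=`, so it likely should read `">=13.3, <13.12.9"`; as written, a range matcher would treat 13.3 itself as unaffected. The `vectorString` also omits the `CVSS:3.1/` prefix that the CVSS 3.1 specification puts at the start of a vector string, which strict parsers may reject. The same omission is in the CVE-2021-22246 and CVE-2021-22254 records of this commit. The `credit` value carries a Markdown link in what is otherwise a plain-text field, so consumers will show the brackets and URL verbatim.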

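--- a/2021/22xxx/CVE-2021-22246.json
+++ b/2021/22xxx/CVE-2021-22246.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22246",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "GitLab",
+"product": {
+"product_data": [
+{
+"product_name": "GitLab",
+"version": {
+"version_data": [
+{
+"version_value": ">=2.0, <13.11.6"
+},
+{
+"version_value": ">=13.12, <13.12.6"
+},
+{
+"version_value": ">=14.0, <14.0.2"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "Allocation of resources without limits or throttling in GitLab"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/280633",
+"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/280633",
+"refsource": "MISC"
+},
+{
+"name": "https://hackerone.com/reports/1029269",
+"url": "https://hackerone.com/reports/1029269",
+"refsource": "MISC"
+},
+{
+"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22246.json",
+"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22246.json",
+"refsource": "CONFIRM"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks."
 }
 ]
-}
+},
+"impact": {
+"cvss": {
+"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"privilegesRequired": "LOW",
+"scope": "CHANGED",
+"userInteraction": "NONE",
+"version": "3.1",
+"baseScore": 7.7,
+"baseSeverity": "HIGH"
+}
+},
+"credit": [
+{
+"lang": "eng",
+"value": "Thanks afewgoats for reporting this vulnerability through our HackerOne bug bounty program"
+}
+]
 }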

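--- a/2021/22xxx/CVE-2021-22254.json
+++ b/2021/22xxx/CVE-2021-22254.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22254",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "GitLab",
+"product": {
+"product_data": [
+{
+"product_name": "GitLab",
+"version": {
+"version_data": [
+{
+"version_value": ">=13.1, <13.12.9"
+},
+{
+"version_value": ">=14.0, <14.0.7"
+},
+{
+"version_value": ">=14.1, <14.1.2"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "Improper encoding or escaping of output in GitLab"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300265",
+"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300265",
+"refsource": "MISC"
+},
+{
+"name": "https://hackerone.com/reports/1087806",
+"url": "https://hackerone.com/reports/1087806",
+"refsource": "MISC"
+},
+{
+"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json",
+"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json",
+"refsource": "CONFIRM"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9."
 }
 ]
-}
+},
+"impact": {
+"cvss": {
+"vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackComplexity": "HIGH",
+"attackVector": "NETWORK",
+"availabilityImpact": "NONE",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"privilegesRequired": "LOW",
+"scope": "UNCHANGED",
+"userInteraction": "NONE",
+"version": "3.1",
+"baseScore": 3.0,
+"baseSeverity": "LOW"
+}
+},
+"credit": [
+{
+"lang": "eng",
+"value": "Thanks ledz1996 for reporting this vulnerability through our HackerOne bug bounty program"
+}
+]
 }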
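Review bot: `"baseScore": 3.0` does not appear to match the vector in the same `cvss` object: `AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N` works out to 3.1 under the CVSS 3.1 equations, because the unrounded sum of about 3.03 is rounded up. The score should be rechecked against the CNA's source record. The description says the affected versions run "through 14.1.2, 14.0.7 and 13.12.9", whereas the `version_data` bounds are exclusive (`<14.1.2`, `<14.0.7`, `<13.12.9`), so the two disagree on whether those releases are themselves affected. Consumers that prioritise on `baseScore` or match on version ranges will inherit both ambiguities.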
