update gitlab.com namespace data #2487

Merged
The diff you're trying to view is too large. We only load the first 3000 changed files.
41 changes: 41 additions & 0 deletions 2005/4xxx/GSD-2005-4849.json
Expand Up @@ -80,6 +80,47 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,10.1.1.0]",
"affected_versions": "All versions up to 10.1.1.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2022-05-25",
"description": "Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.",
"fixed_versions": [
"10.1.2.1"
],
"identifier": "CVE-2005-4849",
"identifiers": [
"GHSA-rp7r-79rm-2758",
"CVE-2005-4849"
],
"not_impacted": "All versions after 10.1.1.0",
"package_slug": "maven/org.apache.derby/derby",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 10.1.2.1 or above.",
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2005-4849",
"http://db.apache.org/derby/releases/release-10.1.2.1.html",
"http://issues.apache.org/jira/browse/DERBY-530",
"http://issues.apache.org/jira/browse/DERBY-559",
"https://github.com/apache/derby/commit/09a7325f75a4f96a7735e46c9723930f88ea2613",
"https://github.com/apache/derby/commit/82d721fd53e30dbb86d6d742c085030985091968",
"https://github.com/apache/derby/commit/fd24a7590ff5426bac68303fbeca07dbc5067412",
"http://svn.apache.org/viewvc?view=revision&revision=289672",
"https://github.com/advisories/GHSA-rp7r-79rm-2758"
],
"uuid": "d5b56b58-31ba-44f6-8aa3-f17558e9b119"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
49 changes: 49 additions & 0 deletions 2006/0xxx/GSD-2006-0254.json
Expand Up @@ -129,6 +129,55 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.1)",
"affected_versions": "All versions before 1.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2022-07-28",
"description": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.",
"fixed_versions": [
"1.1"
],
"identifier": "CVE-2006-0254",
"identifiers": [
"GHSA-2jxh-3cx8-xw65",
"CVE-2006-0254"
],
"not_impacted": "All versions starting from 1.1",
"package_slug": "maven/geronimo/geronimo-console-standard",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 1.1 or above.",
"title": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-0254",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24158",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24159",
"https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create",
"http://issues.apache.org/jira/browse/GERONIMO-1474",
"http://rhn.redhat.com/errata/RHSA-2008-0630.html",
"http://secunia.com/advisories/18485",
"http://secunia.com/advisories/31493",
"http://www.oliverkarow.de/research/geronimo_css.txt",
"http://www.redhat.com/support/errata/RHSA-2008-0261.html",
"http://www.securityfocus.com/archive/1/421996/100/0/threaded",
"http://www.securityfocus.com/bid/16260",
"http://www.vupen.com/english/advisories/2006/0217",
"https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html",
"https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch",
"http://svn.apache.org/viewvc?view=revision&revision=372322",
"https://github.com/advisories/GHSA-2jxh-3cx8-xw65"
],
"uuid": "dbc8f3c0-6cf7-4f5f-9637-491da68c27d6"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
36 changes: 36 additions & 0 deletions 2006/1xxx/GSD-2006-1546.json
Expand Up @@ -122,6 +122,42 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.2.9)",
"affected_versions": "All versions before 1.2.9",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-06-07",
"description": "Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
"fixed_versions": [
"1.2.9"
],
"identifier": "CVE-2006-1546",
"identifiers": [
"GHSA-vf8g-mpmw-qv87",
"CVE-2006-1546"
],
"not_impacted": "All versions starting from 1.2.9",
"package_slug": "maven/struts/struts",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 1.2.9 or above.",
"title": "Apache Struts vulnerable to Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-1546",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25612",
"http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%[email protected]%3e",
"http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%[email protected]%3e",
"https://github.com/advisories/GHSA-vf8g-mpmw-qv87"
],
"uuid": "32e490d9-f065-4e39-9735-112934f9f0aa"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
34 changes: 34 additions & 0 deletions 2006/1xxx/GSD-2006-1547.json
Expand Up @@ -122,6 +122,40 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.2.9)",
"affected_versions": "All versions before 1.2.9",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-06-07",
"description": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
"fixed_versions": [
"1.2.9"
],
"identifier": "CVE-2006-1547",
"identifiers": [
"GHSA-7qwv-cwgj-c8rj",
"CVE-2006-1547"
],
"not_impacted": "All versions starting from 1.2.9",
"package_slug": "maven/struts/struts",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 1.2.9 or above.",
"title": "Improper Input Validation in Apache Struts",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-1547",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25613",
"https://github.com/advisories/GHSA-7qwv-cwgj-c8rj"
],
"uuid": "0e385f18-b5c9-4b6f-bf37-888695f40298"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
35 changes: 35 additions & 0 deletions 2006/1xxx/GSD-2006-1548.json
Expand Up @@ -117,6 +117,41 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.2.9)",
"affected_versions": "All versions before 1.2.9",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2022-06-07",
"description": "Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
"fixed_versions": [
"1.2.9"
],
"identifier": "CVE-2006-1548",
"identifiers": [
"GHSA-p3vw-fvwx-qcv5",
"CVE-2006-1548"
],
"not_impacted": "All versions starting from 1.2.9",
"package_slug": "maven/struts/struts",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 1.2.9 or above.",
"title": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-1548",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25614",
"https://github.com/advisories/GHSA-p3vw-fvwx-qcv5"
],
"uuid": "e7d98737-a014-458d-b06b-5d9b3ede75a9"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
34 changes: 34 additions & 0 deletions 2006/2xxx/GSD-2006-2759.json
Expand Up @@ -67,6 +67,40 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,6.0.0)",
"affected_versions": "All versions before 6.0.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-06-14",
"description": "jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.",
"fixed_versions": [
"6.0.0"
],
"identifier": "CVE-2006-2759",
"identifiers": [
"GHSA-mq4x-8whh-jx73",
"CVE-2006-2759"
],
"not_impacted": "All versions starting from 6.0.0",
"package_slug": "maven/org.mortbay.jetty/jetty",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 6.0.0 or above.",
"title": "Improper Input Validation in Mortbay Jetty ",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-2759",
"https://www.eclipse.org/jetty/about.php",
"https://github.com/advisories/GHSA-mq4x-8whh-jx73"
],
"uuid": "4de6b7a2-d1ac-4509-9339-df372dfd70a1"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
38 changes: 38 additions & 0 deletions 2006/3xxx/GSD-2006-3360.json
Expand Up @@ -112,6 +112,44 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "<3.2.5",
"affected_versions": "All versions before 3.2.5",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2023-03-30",
"description": "Directory traversal vulnerability in index.php in phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.",
"fixed_versions": [
"3.2.5"
],
"identifier": "CVE-2006-3360",
"identifiers": [
"GHSA-2wxv-3g4v-p76p",
"CVE-2006-3360"
],
"not_impacted": "All versions starting from 3.2.5",
"package_slug": "packagist/phpsysinfo/phpsysinfo",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 3.2.5 or above.",
"title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-3360",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27527",
"https://github.com/phpsysinfo/phpsysinfo/issues/107",
"https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745",
"https://github.com/phpsysinfo/phpsysinfo/commit/60b5bbb5d1cc17f44050e99a3e746f55a4fd4e18",
"https://github.com/advisories/GHSA-2wxv-3g4v-p76p"
],
"uuid": "e45e5e19-fde6-47cd-b02a-ce6b053dd319"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
36 changes: 36 additions & 0 deletions 2006/4xxx/GSD-2006-4067.json
Expand Up @@ -87,6 +87,42 @@
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": ">=1.0.1.2708,<=1.1.6.3264",
"affected_versions": "All versions starting from 1.0.1.2708 up to 1.1.6.3264",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-79",
"CWE-937"
],
"date": "2023-01-09",
"description": "Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (\"Not Found\") error page. NOTE: some of these details are obtained from third party information.",
"fixed_versions": [
"1.1.7.3363"
],
"identifier": "CVE-2006-4067",
"identifiers": [
"GHSA-vc29-mvwv-wpcq",
"CVE-2006-4067"
],
"not_impacted": "All versions before 1.0.1.2708, all versions after 1.1.6.3264",
"package_slug": "packagist/cakephp/cakephp",
"pubdate": "2022-05-01",
"solution": "Upgrade to version 1.1.7.3363 or above.",
"title": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2006-4067",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28256",
"https://github.com/advisories/GHSA-vc29-mvwv-wpcq"
],
"uuid": "0bbbf1e0-ddde-4765-bbda-d2ba2facf9f6"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",