Update advisories
diff --git a/content/projects/_index.md b/content/projects/_index.md
index 4e89a88..33fca68 100644
--- a/content/projects/_index.md
+++ b/content/projects/_index.md
@@ -15,11 +15,13 @@
| Apache AGE | [Apache Security Team](mailto:security@apache.org) | |
| Apache Airavata | [Apache Security Team](mailto:security@apache.org) | |
| Apache Airflow | [Apache Security Team](mailto:security@apache.org) | |
+| Apache Allura | [Apache Security Team](mailto:security@apache.org) | |
| Apache Ambari | [Apache Ambari Security Team](mailto:security@ambari.apache.org) | |
| [Apache Ant](https://ant.apache.org/security.html) | [Apache Security Team](mailto:security@apache.org) | |
| Apache APISIX | [Apache Security Team](mailto:security@apache.org) | |
| [Apache Portable Runtime (APR)](https://apr.apache.org/security_report.html) | [Apache Security Team](mailto:security@apache.org) | |
| [Apache Archiva](https://archiva.apache.org/security.html) | [Apache Security Team](mailto:security@apache.org) | [Advisories](https://archiva.apache.org/security.html) |
+| Apache Arrow | [Apache Security Team](mailto:security@apache.org) | |
| Apache AsterixDB | [Apache Security Team](mailto:security@apache.org) | |
| Apache Atlas | [Apache Security Team](mailto:security@apache.org) | |
| Apache Avro | [Apache Security Team](mailto:security@apache.org) | |
@@ -31,6 +33,7 @@
| Apache Cassandra | [Apache Security Team](mailto:security@apache.org) | |
| Apache Cayenne | [Apache Security Team](mailto:security@apache.org) | |
| [Apache CloudStack](https://cloudstack.apache.org/security.html) | [Apache Security Team](mailto:security@apache.org) | |
+| Apache Cocoon | [Apache Security Team](mailto:security@apache.org) | |
| [Apache Commons](https://commons.apache.org/security.html) | [Apache Commons Security Team](mailto:security@commons.apache.org) | [Advisories](https://commons.apache.org/security.html#Known_Security_Vulnerabilities) |
| Apache CouchDB | [Apache CouchDB Security Team](mailto:security@couchdb.apache.org) | |
| Apache CXF | [Apache Security Team](mailto:security@apache.org) | |
@@ -112,6 +115,7 @@
| Apache StreamPark (Incubating) | [Apache Security Team](mailto:security@apache.org) | |
| Apache StreamPipes | [Apache Security Team](mailto:security@apache.org) | |
| [Apache Struts](https://struts.apache.org/security.html) | [Apache Struts Security Team](mailto:security@struts.apache.org) | [Advisories](https://cwiki.apache.org/confluence/display/WW/Security+Bulletins) |
+| Apache Submarine | [Apache Security Team](mailto:security@apache.org) | |
| [Apache Subversion](https://subversion.apache.org/security/) | [Apache Subversion Security Team](mailto:security@subversion.apache.org) | [Advisories](https://subversion.apache.org/security/) |
| [Apache Superset](https://superset.apache.org/docs/security/) | [Apache Security Team](mailto:security@apache.org) | [Advisories](https://superset.apache.org/docs/security/cves) |
| Apache SystemDS | [Apache Security Team](mailto:security@apache.org) | |
diff --git a/content/projects/activemq/_index.md b/content/projects/activemq/_index.md
index 2e508a5..d22a237 100644
--- a/content/projects/activemq/_index.md
+++ b/content/projects/activemq/_index.md
@@ -109,3 +109,85 @@
### Credits
* Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.
+
+
+## Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE ## { #CVE-2022-41678 }
+
+CVE-2022-41678 [\[CVE json\]](./CVE-2022-41678.cve.json)
+
+### Affected
+
+* Apache ActiveMQ before 5.16.6
+* Apache ActiveMQ from 5.17.0 before 5.17.4
+* Apache ActiveMQ at 5.18.0
+* Apache ActiveMQ at 6.0.0
+
+
+### Description
+
+<span style="background-color: rgb(255, 255, 255);">Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. <br><br>In details, in ActiveMQ configurations, jetty allows
+org.jolokia.http.AgentServlet to handler request to /api/jolokia<br><br>org.jolokia.http.HttpRequestHandler#handlePostRequest is able to
+create JmxRequest through JSONObject. And calls to
+org.jolokia.http.HttpRequestHandler#executeRequest.<br><br>Into deeper calling stacks,
+org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke
+through refection.
+
+And then, RCE is able to be achieved via
+jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.
+<br><br>
+1 Call newRecording.
+<br>
+2 Call setConfiguration. And a webshell data hides in it.
+<br>
+3 Call startRecording.
+<br>
+4 Call copyTo method. The webshell will be written to a .jsp file.<br><br></span>The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.<br>A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.<br>
+
+### References
+* https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
+* https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
+
+
+### Credits
+* wangxin@threatbook.cn (finder)
+* wangzhendong@threatbook.cn (finder)
+* honglonglong@threatbook.cn (finder)
+
+
+## Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack ## { #CVE-2023-46604 }
+
+CVE-2023-46604 [\[CVE json\]](./CVE-2023-46604.cve.json)
+
+### Affected
+
+* Apache ActiveMQ from 5.18.0 before 5.18.3
+* Apache ActiveMQ from 5.17.0 before 5.17.6
+* Apache ActiveMQ from 5.16.0 before 5.16.7
+* Apache ActiveMQ before 5.15.16
+* Apache ActiveMQ Legacy OpenWire Module from 5.18.0 before 5.18.3
+* Apache ActiveMQ Legacy OpenWire Module from 5.17.0 before 5.17.6
+* Apache ActiveMQ Legacy OpenWire Module from 5.16.0 before 5.16.7
+* Apache ActiveMQ Legacy OpenWire Module from 5.8.0 before 5.15.16
+
+
+### Description
+
+<div>The Java OpenWire protocol marshaller is vulnerable to Remote Code
+Execution. This vulnerability may allow a remote attacker with network
+access to either a Java-based OpenWire broker or client to run arbitrary
+ shell commands by manipulating serialized class types in the OpenWire
+protocol to cause either the client or the broker (respectively) to
+instantiate any class on the classpath.</div><div><br></div><div>Users are recommended to upgrade
+ both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
+which fixes this issue.</div>
+
+### References
+* https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
+* https://www.openwall.com/lists/oss-security/2023/10/27/5
+* https://security.netapp.com/advisory/ntap-20231110-0010/
+* https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
+* https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
+
+
+### Credits
+* yejie@threatbook.cn (finder)
diff --git a/content/projects/airflow/_index.md b/content/projects/airflow/_index.md
index 16278b8..62d4703 100644
--- a/content/projects/airflow/_index.md
+++ b/content/projects/airflow/_index.md
@@ -1474,6 +1474,29 @@
* Hussein Awala (remediation developer)
+## Permission verification bypass allows viewing dagruns of other dags ## { #CVE-2023-42781 }
+
+CVE-2023-42781 [\[CVE json\]](./CVE-2023-42781.cve.json)
+
+### Affected
+
+* Apache Airflow before 2.7.3
+
+
+### Description
+
+Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.<br>Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.
+
+### References
+* https://github.com/apache/airflow/pull/34939
+* https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1
+
+
+### Credits
+* balis0ng (finder)
+* Hussein Awala (remediation developer)
+
+
## Improper access control to DAG resources ## { #CVE-2023-42792 }
CVE-2023-42792 [\[CVE json\]](./CVE-2023-42792.cve.json)
@@ -1520,3 +1543,73 @@
### Credits
* L3yx of Syclover Security Team (finder)
* Hussein Awala (remediation developer)
+
+
+## Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend ## { #CVE-2023-46215 }
+
+CVE-2023-46215 [\[CVE json\]](./CVE-2023-46215.cve.json)
+
+### Affected
+
+* Apache Airflow Celery provider from 3.3.0 through 3.4.0
+* Apache Airflow from 1.10.0 before 2.7.0
+
+
+### Description
+
+Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.<br><br><p>Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend<br>Note: the vulnerability is about the information exposed in the logs not about accessing the logs.</p><p>This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.</p><p>Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.</p>
+
+### References
+* https://github.com/apache/airflow/pull/34954
+* https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n
+
+
+### Credits
+* husseinawala (finder)
+
+
+## Sensitive parameters exposed in API when "non-sensitive-only" configuration is set ## { #CVE-2023-46288 }
+
+CVE-2023-46288 [\[CVE json\]](./CVE-2023-46288.cve.json)
+
+### Affected
+
+* Apache Airflow from 2.4.0 before 2.7.0
+
+
+### Description
+
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.<p>This issue affects Apache Airflow from 2.4.0 to 2.7.0.</p><p>Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the <code>expose_config</code> option is set to <code>non-sensitive-only</code>. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set <code>expose_config</code> to <code>non-sensitive-only</code> configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).</p><p>Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.</p>
+
+### References
+* https://github.com/apache/airflow/pull/32261
+* https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw
+
+
+### Credits
+* id_No2015429 of 3H Secruity Team (finder)
+* Lee, Wei (finder)
+* Lee, Wei (remediation developer)
+
+
+## Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) ## { #CVE-2023-47037 }
+
+CVE-2023-47037 [\[CVE json\]](./CVE-2023-47037.cve.json)
+
+### Affected
+
+* Apache Airflow before 2.7.3
+
+
+### Description
+
+<p><span style="background-color: rgb(255, 255, 255);">We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. </span></p><p><span style="background-color: rgb(255, 255, 255);">Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. </span></p><p><span style="background-color: rgb(255, 255, 255);">Users should upgrade to version 2.7.3 or later which has removed the vulnerability.</span><br></p><br><br>
+
+### References
+* https://github.com/apache/airflow/pull/33413
+* https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0
+
+
+### Credits
+* Tareq Ahamed from Hackerone (reporter)
+* Augusto Hidalgo (remediation developer)
diff --git a/content/projects/allura/_index.md b/content/projects/allura/_index.md
new file mode 100644
index 0000000..ad0b639
--- /dev/null
+++ b/content/projects/allura/_index.md
@@ -0,0 +1,35 @@
+---
+title: Apache Allura security advisories
+description: Security information for Apache Allura
+layout: single
+---
+
+# Reporting
+
+Do you want disclose a potential security issue for Apache Allura? Send your report to the [Apache Security Team](mailto:security@apache.org).
+
+# Advisories
+
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+{.bg-warning}
+
+## sensitive information exposure via import ## { #CVE-2023-46851 }
+
+CVE-2023-46851 [\[CVE json\]](./CVE-2023-46851.cve.json)
+
+### Affected
+
+* Apache Allura from 1.0.1 through 1.15.0
+
+
+### Description
+
+<div>Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.<br></div><div><br></div><div>This issue affects Apache Allura from 1.0.1 through 1.15.0.</div><p></p><p>Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.<br></p>
+
+### References
+* https://allura.apache.org/posts/2023-allura-1.16.0.html
+* https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx
+
+
+### Credits
+* Stefan Schiller (Sonar) (finder)
diff --git a/content/projects/arrow/_index.md b/content/projects/arrow/_index.md
new file mode 100644
index 0000000..7aaa9f8
--- /dev/null
+++ b/content/projects/arrow/_index.md
@@ -0,0 +1,37 @@
+---
+title: Apache Arrow security advisories
+description: Security information for Apache Arrow
+layout: single
+---
+
+# Reporting
+
+Do you want disclose a potential security issue for Apache Arrow? Send your report to the [Apache Security Team](mailto:security@apache.org).
+
+# Advisories
+
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+{.bg-warning}
+
+## Arbitrary code execution when loading a malicious data file ## { #CVE-2023-47248 }
+
+CVE-2023-47248 [\[CVE json\]](./CVE-2023-47248.cve.json)
+
+### Affected
+
+* PyArrow from 0.14.0 through 14.0.0
+* PyArrow from 0.14.0 through 14.0.0
+
+
+### Description
+
+<div>Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).</div><div><br></div><div>This vulnerability only affects PyArrow, not other Apache Arrow implementations or bindings.<br></div><div><br></div><div>It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon.<br></div><div><br></div><div>If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See <a target="_blank" rel="nofollow" href="https://pypi.org/project/pyarrow-hotfix/">https://pypi.org/project/pyarrow-hotfix/</a> for instructions.<br></div><div><br></div>
+
+### References
+* https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
+* https://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecf
+* https://pypi.org/project/pyarrow-hotfix/
+
+
+### Credits
+* Li Jiakun - laoquanshi (finder)
diff --git a/content/projects/cocoon/_index.md b/content/projects/cocoon/_index.md
new file mode 100644
index 0000000..812ee55
--- /dev/null
+++ b/content/projects/cocoon/_index.md
@@ -0,0 +1,51 @@
+---
+title: Apache Cocoon security advisories
+description: Security information for Apache Cocoon
+layout: single
+---
+
+# Reporting
+
+Do you want disclose a potential security issue for Apache Cocoon? Send your report to the [Apache Security Team](mailto:security@apache.org).
+
+# Advisories
+
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+{.bg-warning}
+
+## SQL injection in DatabaseCookieAuthenticatorAction ## { #CVE-2022-45135 }
+
+CVE-2022-45135 [\[CVE json\]](./CVE-2022-45135.cve.json)
+
+### Affected
+
+* Apache Cocoon from 2.2.0 before 2.3.0
+
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.<p>This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.</p><p>Users are recommended to upgrade to version 2.3.0, which fixes the issue.</p>
+
+### References
+* https://lists.apache.org/thread/lsvd1hmr2t2q823x21d5ygzgbj9jpvjp
+
+
+### Credits
+* QSec-Team (finder)
+
+
+## Apache Cocoon's StreamGenerator is vulnerable to XXE injection ## { #CVE-2023-49733 }
+
+CVE-2023-49733 [\[CVE json\]](./CVE-2023-49733.cve.json)
+
+### Affected
+
+* Apache Cocoon from 2.2.0 before 2.3.0
+
+
+### Description
+
+Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.<p>This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.</p><p>Users are recommended to upgrade to version 2.3.0, which fixes the issue.</p>
+
+### References
+* https://lists.apache.org/thread/t87nntzt6dxw354zbqr9k7l7o1x8gq11
diff --git a/content/projects/db/_index.md b/content/projects/db/_index.md
index 00005de..4c0d604 100644
--- a/content/projects/db/_index.md
+++ b/content/projects/db/_index.md
@@ -30,3 +30,42 @@
### References
* https://lists.apache.org/thread.html/r3d7a8303a820144f5e2d1fd0b067e18d419421b58346b53b58d3fa72%40%3Cannounce.apache.org%3E
+
+
+## LDAP injection vulnerability in authenticator ## { #CVE-2022-46337 }
+
+CVE-2022-46337 [\[CVE json\]](./CVE-2022-46337.cve.json)
+
+### Affected
+
+* Apache Derby from 10.1.1.0 through 10.16.1.1
+
+
+### Description
+
+A cleverly devised username might bypass LDAP authentication checks. In
+LDAP-authenticated Derby installations, this could let an attacker fill
+up the disk by creating junk Derby databases. In LDAP-authenticated
+Derby installations, this could also allow the attacker to execute
+malware which was visible to and executable by the account which booted
+the Derby server. In LDAP-protected databases which weren't also
+protected by SQL GRANT/REVOKE authorization, this vulnerability could
+also let an attacker view and corrupt sensitive data and run sensitive
+database functions and procedures.
+<br>
+<br>Mitigation:
+<br>Users should upgrade to Java 21 and Derby 10.17.1.0.
+<br>Alternatively, users who wish to remain on older Java versions should
+build their own Derby distribution from one of the release families to
+which the fix was backported: 10.16, 10.15, and 10.14. Those are the
+releases which correspond, respectively, with Java LTS versions 17, 11,
+and 8.
+<br>
+<br>
+
+### References
+* https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
+
+
+### Credits
+* This issue was discovered by 4ra1n and Y4tacker, who also proposed the fix. (finder)
diff --git a/content/projects/dolphinscheduler/_index.md b/content/projects/dolphinscheduler/_index.md
index c301b92..62cdd33 100644
--- a/content/projects/dolphinscheduler/_index.md
+++ b/content/projects/dolphinscheduler/_index.md
@@ -190,3 +190,64 @@
### References
* https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf
+
+
+## Apache dolphinscheduler sensitive information disclosure ## { #CVE-2023-48796 }
+
+CVE-2023-48796 [\[CVE json\]](./CVE-2023-48796.cve.json)
+
+### Affected
+
+* Apache DolphinScheduler from 3.0.0 before 3.0.2
+
+
+### Description
+
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.<br><br>The information exposed to unauthorized actors may include sensitive data such as database credentials.<br><br>Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file<br><br><br>```<br>management:<br> endpoints:<br> web:<br> exposure:<br> include: health,metrics,prometheus<br>```<br><p><br></p><p>This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2.</p><p>Users are recommended to upgrade to version 3.0.2, which fixes the issue.</p>
+
+### References
+* https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo
+
+
+## Information Leakage Vulnerability ## { #CVE-2023-49068 }
+
+CVE-2023-49068 [\[CVE json\]](./CVE-2023-49068.cve.json)
+
+### Affected
+
+* Apache DolphinScheduler before 3.2.1
+
+
+### Description
+
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.<p>This issue affects Apache DolphinScheduler: before 3.2.1.<br></p><p>Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.<br></p>
+
+### References
+* https://github.com/apache/dolphinscheduler/pull/15192
+* https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq
+
+
+### Credits
+* Y4tacker and 4ra1n from Y4secTeam (finder)
+
+
+## Authenticated users could delete UDFs in resource center they were not authorized for ## { #CVE-2023-49620 }
+
+CVE-2023-49620 [\[CVE json\]](./CVE-2023-49620.cve.json)
+
+### Affected
+
+* Apache DolphinScheduler from 2.0.0 before 3.1.0
+
+
+### Description
+
+Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability
+
+### References
+* https://github.com/apache/dolphinscheduler/pull/10307
+* https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj
+
+
+### Credits
+* Yuanheng Lab of zhongfu (finder)
diff --git a/content/projects/hadoop/_index.md b/content/projects/hadoop/_index.md
index f0f90e3..7482fe3 100644
--- a/content/projects/hadoop/_index.md
+++ b/content/projects/hadoop/_index.md
@@ -136,3 +136,28 @@
### Credits
* This issue was reported by a member of GitHub Security Lab, Jaroslav Lobačevski (https://github.com/JarLob).
+
+
+## Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems ## { #CVE-2023-26031 }
+
+CVE-2023-26031 [\[CVE json\]](./CVE-2023-26031.cve.json)
+
+### Affected
+
+* Apache Hadoop from 3.3.1 before 3.3.5
+
+
+### Description
+
+<br>Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.<br><br>Hadoop 3.3.0 updated the "<a target="_blank" rel="nofollow" href="https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html">YARN Secure Containers</a>" to add a feature for executing user-submitted applications in isolated linux containers.<br><br>The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.<br><br>The patch "<a target="_blank" rel="nofollow" href="https://issues.apache.org/jira/browse/YARN-10495">YARN-10495</a>. make the rpath of container-executor configurable" modified the library loading path for loading .so files from "$ORIGIN/" to ""$ORIGIN/:../lib/native/". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.<br>If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.<br><br>The fix for the vulnerability is to revert the change, which is done in <a target="_blank" rel="nofollow" href="https://issues.apache.org/jira/browse/YARN-11441">YARN-11441</a>, "Revert YARN-10495". This patch is in hadoop-3.3.5.<br><br>To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it is at risk<br><br><tt>$ readelf -d container-executor|grep <span style="background-color: rgb(255, 255, 255);">'RUNPATH\|RPATH'</span> <br>0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/:../lib/native/]</tt><br><br>If it does not, then it is safe:<br><br><tt>$ readelf -d container-executor|grep <span style="background-color: rgb(255, 255, 255);">'RUNPATH\|RPATH'</span> <br>0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/]</tt><br><br>For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set<br><tt><br>$ ls -laF /opt/hadoop/bin/container-executor<br>---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor</tt><br><br>A safe installation lacks the suid bit; ideally is also not owned by root.<br><br><tt>$ ls -laF /opt/hadoop/bin/container-executor<br>-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor</tt><br><br>This configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.<br><br><br><br><br>
+
+### References
+* https://issues.apache.org/jira/browse/YARN-11441
+* https://hadoop.apache.org/cve_list.html
+* https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r
+
+
+### Credits
+* Esa Hiltunen (finder)
+* Mikko Kortelainen (finder)
+* The Teragrep Project (sponsor)
diff --git a/content/projects/httpd/_index.md b/content/projects/httpd/_index.md
index 0b6ba19..00d77b2 100644
--- a/content/projects/httpd/_index.md
+++ b/content/projects/httpd/_index.md
@@ -957,3 +957,70 @@
### Credits
* Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)
+
+
+## mod_macro buffer over-read ## { #CVE-2023-31122 }
+
+CVE-2023-31122 [\[CVE json\]](./CVE-2023-31122.cve.json)
+
+### Affected
+
+* Apache HTTP Server through 2.4.57
+
+
+### Description
+
+Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.<p>This issue affects Apache HTTP Server: through 2.4.57.</p>
+
+### References
+* https://httpd.apache.org/security/vulnerabilities_24.html
+
+
+### Credits
+* David Shoon (github/davidshoon) (finder)
+
+
+## DoS in HTTP/2 with initial windows size 0 ## { #CVE-2023-43622 }
+
+CVE-2023-43622 [\[CVE json\]](./CVE-2023-43622.cve.json)
+
+### Affected
+
+* Apache HTTP Server from 2.4.55 through 2.4.57
+
+
+### Description
+
+An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern.<br><p>This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.</p><p>This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.</p><p>Users are recommended to upgrade to version 2.4.58, which fixes the issue.</p>
+
+### References
+* https://httpd.apache.org/security/vulnerabilities_24.html
+
+
+### Credits
+* Prof. Sven Dietrich (City University of New York) (finder)
+* Isa Jafarov (City University of New York) (finder)
+* Prof. Heejo Lee (Korea University) (finder)
+* Choongin Lee (Korea University) (finder)
+
+
+## HTTP/2 stream memory not reclaimed right away on RST ## { #CVE-2023-45802 }
+
+CVE-2023-45802 [\[CVE json\]](./CVE-2023-45802.cve.json)
+
+### Affected
+
+* Apache HTTP Server from 2.4.17 through 2.4.57
+
+
+### Description
+
+When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.<br><br>This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.<br><br>Users are recommended to upgrade to version 2.4.58, which fixes the issue.<br>
+
+### References
+* https://httpd.apache.org/security/vulnerabilities_24.html
+
+
+### Credits
+* Will Dormann of Vul Labs (finder)
+* David Warren of Vul Labs (finder)
diff --git a/content/projects/inlong/_index.md b/content/projects/inlong/_index.md
index fb67fbb..d974efc 100644
--- a/content/projects/inlong/_index.md
+++ b/content/projects/inlong/_index.md
@@ -517,3 +517,33 @@
### Credits
* nbxiglk (finder)
+
+
+## Apache inlong has an Arbitrary File Read Vulnerability ## { #CVE-2023-46227 }
+
+CVE-2023-46227 [\[CVE json\]](./CVE-2023-46227.cve.json)
+
+### Affected
+
+* Apache InLong from 1.4.0 through 1.8.0
+
+
+### Description
+
+
+
+<span style="background-color: rgb(255, 255, 255);">
+
+Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.
+
+</span><p>This issue affects Apache InLong: from 1.4.0 through 1.8.0, the a<span style="background-color: rgb(255, 255, 255);">ttacker can use \t to bypass. </span>Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.</p><p><span style="background-color: rgb(255, 255, 255);">[1] </span><a target="_blank" rel="nofollow" href="https://github.com/apache/inlong/pull/8814"></a><a target="_blank" rel="nofollow" href="https://github.com/apache/inlong/pull/8814">https://github.com/apache/inlong/pull/8814</a></p>
+
+
+
+### References
+* https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33
+
+
+### Credits
+* Snakinya (finder)
+* s3gundo (finder)
diff --git a/content/projects/nifi/_index.md b/content/projects/nifi/_index.md
index 03aed4f..1bac7f9 100644
--- a/content/projects/nifi/_index.md
+++ b/content/projects/nifi/_index.md
@@ -266,3 +266,26 @@
### Credits
* Ferenc Gerlits (finder)
+
+
+## Improper Neutralization of Input in Advanced User Interface for Jolt ## { #CVE-2023-49145 }
+
+CVE-2023-49145 [\[CVE json\]](./CVE-2023-49145.cve.json)
+
+### Affected
+
+* Apache NiFi from 0.7.0 through 1.23.2
+
+
+### Description
+
+Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary
+JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
+
+### References
+* https://nifi.apache.org/security.html#CVE-2023-49145
+* https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
+
+
+### Credits
+* Dr. Oliver Matula, DB Systel GmbH (finder)
diff --git a/content/projects/ofbiz/_index.md b/content/projects/ofbiz/_index.md
index e9327e1..470df49 100644
--- a/content/projects/ofbiz/_index.md
+++ b/content/projects/ofbiz/_index.md
@@ -236,3 +236,29 @@
### Credits
* Skay <lhcaomail@gmail.com> (finder)
+
+
+## Execution of Solr plugin queries without authentication ## { #CVE-2023-46819 }
+
+CVE-2023-46819 [\[CVE json\]](./CVE-2023-46819.cve.json)
+
+### Affected
+
+* Apache OFBiz before 18.12.09
+
+
+### Description
+
+Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.<br><p>This issue affects Apache OFBiz: before 18.12.09.
+
+<span style="background-color: rgb(255, 255, 255);">Users are recommended to upgrade to version 18.12.09</span></p>
+
+### References
+* https://ofbiz.apache.org/download.html
+* https://ofbiz.apache.org/security.html
+* https://ofbiz.apache.org/release-notes-18.12.09.html
+* https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99
+
+
+### Credits
+* Anonymous by demand (finder)
diff --git a/content/projects/santuario/_index.md b/content/projects/santuario/_index.md
index e3de9fb..5372c70 100644
--- a/content/projects/santuario/_index.md
+++ b/content/projects/santuario/_index.md
@@ -32,3 +32,26 @@
### Credits
* An Trinh, Calif.
+
+
+## Private Key disclosure in debug-log output ## { #CVE-2023-44483 }
+
+CVE-2023-44483 [\[CVE json\]](./CVE-2023-44483.cve.json)
+
+### Affected
+
+* Apache Santuario from 2.2 before 2.2.6
+* Apache Santuario from 2.3 before 2.3.4
+* Apache Santuario from 3.0 before 3.0.3
+
+
+### Description
+
+All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.<br>
+
+### References
+* https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
+
+
+### Credits
+* Apache Santuario would like to thank Max Fichtelmann for reporting this issue. (finder)
diff --git a/content/projects/shenyu/_index.md b/content/projects/shenyu/_index.md
index 62762e8..c553652 100644
--- a/content/projects/shenyu/_index.md
+++ b/content/projects/shenyu/_index.md
@@ -173,3 +173,30 @@
### Credits
* xxhzz (finder)
+
+
+## Server-Side Request Forgery in Apache ShenYu ## { #CVE-2023-25753 }
+
+CVE-2023-25753 [\[CVE json\]](./CVE-2023-25753.cve.json)
+
+### Affected
+
+* Apache ShenYu through 2.5.1
+
+
+### Description
+
+
+
+<p>There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.</p><p>Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.</p><p>
+
+</p><p>This issue affects Apache ShenYu: 2.5.1.</p><p>Upgrade to Apache ShenYu 2.6.0 or apply patch <a target="_blank" rel="nofollow" href="https://github.com/apache/shenyu/pull/4776">https://github.com/apache/shenyu/pull/4776</a> .</p><p></p>
+
+
+
+### References
+* https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d
+
+
+### Credits
+* by3 (finder)
diff --git a/content/projects/storm/_index.md b/content/projects/storm/_index.md
index 88c7982..ba5bb6d 100644
--- a/content/projects/storm/_index.md
+++ b/content/projects/storm/_index.md
@@ -57,3 +57,24 @@
### Credits
* Apache Storm would like to thank @pwntester Alvaro Muñoz of the GitHub Security Lab team for reporting this issue.
+
+
+## Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files ## { #CVE-2023-43123 }
+
+CVE-2023-43123 [\[CVE json\]](./CVE-2023-43123.cve.json)
+
+### Affected
+
+* Apache Storm from 2.0.0 before 2.6.0
+
+
+### Description
+
+<div>On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.<br><br>The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.<br></div><div><br></div><div>File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. <br><br>This affects the class <a target="_blank" rel="nofollow" href="https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99">https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99</a> and was introduced by <a target="_blank" rel="nofollow" href="https://issues.apache.org/jira/browse/STORM-3123">https://issues.apache.org/jira/browse/STORM-3123</a><br></div><div><br>In practice, this has a very limited impact as this class is used only if <span style="background-color: rgb(206, 204, 247);">ui.disable.spout.lag.monitoring</span></div> <div><span style="background-color: var(--wht);">is set to false, but its value is true by default.<br>Moreover, the temporary file gets deleted soon after its creation.<br><br>The solution is to use </span><span style="background-color: var(--hig);"><a target="_blank" rel="nofollow" href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...)">Files.createTempFile</a></span><span style="background-color: var(--wht);"> instead.<br><br>We recommend that all users upgrade to the latest version of Apache Storm.</span></div><div><span style="background-color: var(--wht);"><br></span></div><br>
+
+### References
+* https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l
+
+
+### Credits
+* Andrea Cosentino from Apache Software Foundation (finder)
diff --git a/content/projects/submarine/_index.md b/content/projects/submarine/_index.md
new file mode 100644
index 0000000..68fdd30
--- /dev/null
+++ b/content/projects/submarine/_index.md
@@ -0,0 +1,63 @@
+---
+title: Apache Submarine security advisories
+description: Security information for Apache Submarine
+layout: single
+---
+
+# Reporting
+
+Do you want disclose a potential security issue for Apache Submarine? Send your report to the [Apache Security Team](mailto:security@apache.org).
+
+# Advisories
+
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+{.bg-warning}
+
+## SQL injection from unauthorized login ## { #CVE-2023-37924 }
+
+CVE-2023-37924 [\[CVE json\]](./CVE-2023-37924.cve.json)
+
+### Affected
+
+* Apache Submarine from 0.7.0 before 0.8.0
+
+
+### Description
+
+Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.<br><span style="background-color: rgb(255, 255, 255);">Now we have fixed this issue and now user must have the correct login to access workbench.</span><br><p>This issue affects Apache Submarine: from 0.7.0 before 0.8.0. <span style="background-color: rgb(255, 255, 255);">We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.</span><span style="background-color: rgb(255, 255, 255);"><br><span style="background-color: rgb(255, 255, 255);">If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR <a target="_blank" rel="nofollow" href="https://github.com/apache/submarine/pull/1054">https://github.com/apache/submarine/pull/1037</a> and rebuild the submarine-server image to fix this.</span><br></span></p>
+
+### References
+* https://issues.apache.org/jira/browse/SUBMARINE-1361
+* https://github.com/apache/submarine/pull/1037
+* https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r
+
+
+### Credits
+* lengjingqicai(棱镜七彩开源安全研究院) (reporter)
+
+
+## Fix CVE-2022-1471 SnakeYaml unsafe deserialization ## { #CVE-2023-46302 }
+
+CVE-2023-46302 [\[CVE json\]](./CVE-2023-46302.cve.json)
+
+### Affected
+
+* Apache Submarine from 0.7.0 before 0.8.0
+
+
+### Description
+
+Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml <a target="_blank" rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2022-1471">https://nvd.nist.gov/vuln/detail/CVE-2022-1471</a>.<br><br>Apache Submarine uses JAXRS to define REST endpoints. In order to
+handle YAML requests (using application/yaml content-type), it defines
+a YamlEntityProvider entity provider that will process all incoming
+YAML requests. In order to unmarshal the request, the readFrom method
+is invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`.<br> <br>We have now fixed this issue in the new version by replacing to `jackson-dataformat-yaml`.<br>This issue affects Apache Submarine: from 0.7.0 before 0.8.0. <span style="background-color: rgb(255, 255, 255);">Users are recommended to upgrade to version 0.8.0, which fixes this issue.<br><span style="background-color: rgb(255, 255, 255);">If using the version smaller than 0.8.0 and not want to upgrade, you can try cherry-pick PR <a target="_blank" rel="nofollow" href="https://github.com/apache/submarine/pull/1054">https://github.com/apache/submarine/pull/1054</a> and rebuild the submart-server image to fix this.</span><br><br></span><br>
+
+### References
+* https://issues.apache.org/jira/browse/SUBMARINE-1371
+* https://github.com/apache/submarine/pull/1054
+* https://lists.apache.org/thread/zf0wppzh239j4h131hm1dbswfnztxrr5
+
+
+### Credits
+* GHSL team member @jorgectf (Jorge Rosillo) (reporter)
diff --git a/content/projects/superset/_index.md b/content/projects/superset/_index.md
index 2c25d6e..6e9d902 100644
--- a/content/projects/superset/_index.md
+++ b/content/projects/superset/_index.md
@@ -618,3 +618,108 @@
### Credits
* Naveen Sunkavally (Horizon3.ai) (finder)
+
+
+## Privilege escalation with default examples database ## { #CVE-2023-40610 }
+
+CVE-2023-40610 [\[CVE json\]](./CVE-2023-40610.cve.json)
+
+### Affected
+
+* Apache Superset before 2.1.2
+
+
+### Description
+
+Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.<br><br>
+
+### References
+* https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot
+
+
+### Credits
+* LEXFO for Orange Innovation and Orange CERT-CC at Orange group (finder)
+
+
+## Unnecessary read permissions within the Gamma role ## { #CVE-2023-42501 }
+
+CVE-2023-42501 [\[CVE json\]](./CVE-2023-42501.cve.json)
+
+### Affected
+
+* Apache Superset before 2.1.2
+
+
+### Description
+
+Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.<br>This issue affects Apache Superset: before 2.1.2.<br>Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.<br><br>
+
+### References
+* https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh
+
+
+### Credits
+* Miguel Segovia Gil (finder)
+
+
+## Open Redirect Vulnerability ## { #CVE-2023-42502 }
+
+CVE-2023-42502 [\[CVE json\]](./CVE-2023-42502.cve.json)
+
+### Affected
+
+* Apache Superset before 3.0.0
+
+
+### Description
+
+An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the <span style="background-color: rgb(255, 255, 255);">HTTP Host header</span>, users could be redirected to this site when clicking on that specific dataset. <span style="background-color: rgb(255, 255, 255);">This issue affects Apache Superset versions before 3.0.0.</span><br>
+
+### References
+* https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn
+
+
+### Credits
+* Amit Laish – GE Vernova (finder)
+
+
+## Lack of rate limiting allows for possible denial of service ## { #CVE-2023-42504 }
+
+CVE-2023-42504 [\[CVE json\]](./CVE-2023-42504.cve.json)
+
+### Affected
+
+* Apache Superset before 3.0.0
+
+
+### Description
+
+<p>An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.</p><p>This issue affects Apache Superset: before 3.0.0</p>
+
+### References
+* https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
+
+
+### Credits
+* Amit Laish – GE Vernova (finder)
+
+
+## Sensitive information disclosure on db connection details ## { #CVE-2023-42505 }
+
+CVE-2023-42505 [\[CVE json\]](./CVE-2023-42505.cve.json)
+
+### Affected
+
+* Apache Superset before 3.0.0
+
+
+### Description
+
+<p>An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.<br><br></p><p>This issue affects Apache Superset before 3.0.0.<br></p>
+
+### References
+* https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y
+
+
+### Credits
+* Leonel John Erik Angel Torres (finder)
diff --git a/content/projects/tiles/_index.md b/content/projects/tiles/_index.md
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/content/projects/tiles/_index.md
diff --git a/content/projects/tomcat/_index.md b/content/projects/tomcat/_index.md
index 0d6d2f0..a156e04 100644
--- a/content/projects/tomcat/_index.md
+++ b/content/projects/tomcat/_index.md
@@ -554,3 +554,29 @@
### Credits
* Keran Mu and Jianjun Chen from Tsinghua University and Zhongguancun Laboratory (finder)
+
+
+## HTTP request smuggling via malformed trailer headers ## { #CVE-2023-46589 }
+
+CVE-2023-46589 [\[CVE json\]](./CVE-2023-46589.cve.json)
+
+### Affected
+
+* Apache Tomcat from 11.0.0-M1 through 11.0.0-M10
+* Apache Tomcat from 10.1.0-M1 through 10.1.15
+* Apache Tomcat from 9.0.0-M1 through 9.0.82
+* Apache Tomcat from 8.5.0 through 8.5.95
+
+
+### Description
+
+Improper Input Validation vulnerability in Apache Tomcat.<p>Tomcat <span style="background-color: rgb(255, 255, 255);">from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95</span> did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single
+request as multiple requests leading to the possibility of request
+smuggling when behind a reverse proxy.<br></p><p><span style="background-color: var(--wht);">Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.</span></p><br>
+
+### References
+* https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
+
+
+### Credits
+* Norihito Aimoto (OSSTech Corporation) (finder)
diff --git a/content/projects/uima/_index.md b/content/projects/uima/_index.md
index e4ae344..3dc232d 100644
--- a/content/projects/uima/_index.md
+++ b/content/projects/uima/_index.md
@@ -55,3 +55,27 @@
### Credits
* Crilwa (finder)
+
+
+## Potential untrusted code execution when deserializing certain binary CAS formats ## { #CVE-2023-39913 }
+
+CVE-2023-39913 [\[CVE json\]](./CVE-2023-39913.cve.json)
+
+### Affected
+
+* Apache UIMA Java SDK Core before 3.5.0
+* Apache UIMA Java SDK CPE before 3.5.0
+* Apache UIMA Java SDK Vinci adapter before 3.5.0
+* Apache UIMA Java SDK tools before 3.5.0
+
+
+### Description
+
+Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.<p>This issue affects Apache UIMA Java SDK: before 3.5.0.</p><p>Users are recommended to upgrade to version 3.5.0, which fixes the issue.</p>There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:<br><ul><li><span style="background-color: var(--wht);">the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class;</span></li><li><span style="background-color: var(--wht);">the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data;</span></li><li><span style="background-color: var(--wht);">the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections;</span></li><li><span style="background-color: var(--wht);">the CasAnnotationViewerApplet and the CasTreeViewerApplet;</span></li><li><span style="background-color: var(--wht);">the checkpointing feature of the CPE module.</span></li></ul>Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is <b>not</b> a serialized Java object.<br><br>When using Vinci or using CasIOUtils in own services/applications, <span style="background-color: rgb(255, 255, 255);">the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.</span><br><br>As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. <a target="_blank" rel="nofollow" href="https://openjdk.org/jeps/290">https://openjdk.org/jeps/290</a> and <a target="_blank" rel="nofollow" href="https://openjdk.org/jeps/415">https://openjdk.org/jeps/415</a>) if running UIMA on a Java version that supports it. <br><br>Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue.<br><br>To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the <i>"jdk.serialFilter"</i> system property using a semicolon as a separator:<br><br>To allow deserializing Java-serialized binary CASes, add the classes:<br><ul><li><span style="background-color: var(--wht);">org.apache.uima.cas.impl.CASCompleteSerializer</span></li><li>org.apache.uima.cas.impl.CASMgrSerializer</li><li>org.apache.uima.cas.impl.CASSerializer</li><li>java.lang.String</li></ul>To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):<br><ul><li>org.apache.uima.collection.impl.cpm.CheckpointData</li><li>org.apache.uima.util.ProcessTrace</li><li>org.apache.uima.util.impl.ProcessTrace_impl</li><li>org.apache.uima.collection.base_cpm.SynchPoint</li></ul>Make sure to use "!*" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern.<br><br>Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.<br><br>
+
+### References
+* https://lists.apache.org/thread/lw30f4qlq3mhkhpljj16qw4fot3rg7v4
+
+
+### Credits
+* Huangzhicong from CodeSafe Team of Legendsec at Qi’anxin (reporter)
diff --git a/static/projects/activemq/CVE-2022-41678.cve.json b/static/projects/activemq/CVE-2022-41678.cve.json
new file mode 100644
index 0000000..eec69e2
--- /dev/null
+++ b/static/projects/activemq/CVE-2022-41678.cve.json
@@ -0,0 +1,124 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-502 Deserialization of Untrusted Data",
+ "lang": "en",
+ "cweId": "CWE-502",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "AMQ-9201"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache ActiveMQ",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.activemq:apache-activemq",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "5.16.6",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "5.17.0",
+ "lessThan": "5.17.4",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "5.18.0"
+ },
+ {
+ "status": "unaffected",
+ "version": "6.0.0"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0\n\nIn details, in ActiveMQ configurations, jetty allows\norg.jolokia.http.AgentServlet to handler request to /api/jolokia\n\norg.jolokia.http.HttpRequestHandler#handlePostRequest is able to\ncreate JmxRequest through JSONObject. And calls to\norg.jolokia.http.HttpRequestHandler#executeRequest.\n\nInto deeper calling stacks,\norg.jolokia.handler.ExecHandler#doHandleRequest is able to invoke\nthrough refection.\n\nAnd then, RCE is able to be achieved via\njdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.\n\n1 Call newRecording.\n\n2 Call setConfiguration. And a webshell data hides in it.\n\n3 Call startRecording.\n\n4 Call copyTo method. The webshell will be written to a .jsp file.\n\nThe mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.\nA more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<span style=\"background-color: rgb(255, 255, 255);\">Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. <br><br>In details, in ActiveMQ configurations, jetty allows\norg.jolokia.http.AgentServlet to handler request to /api/jolokia<br><br>org.jolokia.http.HttpRequestHandler#handlePostRequest is able to\ncreate JmxRequest through JSONObject. And calls to\norg.jolokia.http.HttpRequestHandler#executeRequest.<br><br>Into deeper calling stacks,\norg.jolokia.handler.ExecHandler#doHandleRequest is able to invoke\nthrough refection.\n\nAnd then, RCE is able to be achieved via\njdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.\n<br><br>\n1 Call newRecording.\n<br>\n2 Call setConfiguration. And a webshell data hides in it.\n<br>\n3 Call startRecording.\n<br>\n4 Call copyTo method. The webshell will be written to a .jsp file.<br><br></span>The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.<br>A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.<br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt",
+ "tags": [
+ "vendor-advisory"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "Medium"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "wangxin@threatbook.cn",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "wangzhendong@threatbook.cn",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "honglonglong@threatbook.cn",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2022-41678",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/activemq/CVE-2023-46604.cve.json b/static/projects/activemq/CVE-2023-46604.cve.json
new file mode 100644
index 0000000..41a17f8
--- /dev/null
+++ b/static/projects/activemq/CVE-2023-46604.cve.json
@@ -0,0 +1,172 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-502 Deserialization of Untrusted Data",
+ "lang": "en",
+ "cweId": "CWE-502",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "AMQ-9370"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache ActiveMQ",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.activemq:activemq-client",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "5.18.0",
+ "lessThan": "5.18.3",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "5.17.0",
+ "lessThan": "5.17.6",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "5.16.0",
+ "lessThan": "5.16.7",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "5.15.16",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ },
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache ActiveMQ Legacy OpenWire Module",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.activemq:activemq-openwire-legacy",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "5.18.0",
+ "lessThan": "5.18.3",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "5.17.0",
+ "lessThan": "5.17.6",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "5.16.0",
+ "lessThan": "5.16.7",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "5.8.0",
+ "lessThan": "5.15.16",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<div>The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.</div><div><br></div><div>Users are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.</div>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt",
+ "tags": [
+ "vendor-advisory"
+ ]
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseSeverity": "CRITICAL",
+ "baseScore": 10,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "yejie@threatbook.cn",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46604",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/airflow/CVE-2023-42781.cve.json b/static/projects/airflow/CVE-2023-42781.cve.json
new file mode 100644
index 0000000..7f06c6f
--- /dev/null
+++ b/static/projects/airflow/CVE-2023-42781.cve.json
@@ -0,0 +1,100 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Permission verification bypass allows viewing dagruns of other dags",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Airflow",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "2.7.3",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\u00a0 This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.<br>Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability."
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/airflow/pull/34939",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "balis0ng",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Hussein Awala",
+ "type": "remediation developer"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-42781",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/airflow/CVE-2023-46215.cve.json b/static/projects/airflow/CVE-2023-46215.cve.json
new file mode 100644
index 0000000..7fdb9e4
--- /dev/null
+++ b/static/projects/airflow/CVE-2023-46215.cve.json
@@ -0,0 +1,112 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-532 Insertion of Sensitive Information into Log File",
+ "lang": "en",
+ "cweId": "CWE-532",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "INTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Airflow Celery provider",
+ "collectionURL": "https://pypi.python.org",
+ "packageName": "apache-airflow-providers-celery",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.3.0",
+ "lessThanOrEqual": "3.4.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ },
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Airflow",
+ "collectionURL": "https://pypi.python.org",
+ "packageName": "apache-airflow",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "1.10.0",
+ "lessThan": "2.7.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the\u00a0vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1\u00a0and Apache Airlfow to version 2.7.0 which fixes the issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.<br><br><p>Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend<br>Note: the vulnerability is about the information exposed in the logs not about accessing the logs.</p><p>This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.</p><p>Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/airflow/pull/34954",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "moderate"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "husseinawala",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46215",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/airflow/CVE-2023-46288.cve.json b/static/projects/airflow/CVE-2023-46288.cve.json
new file mode 100644
index 0000000..2a611c8
--- /dev/null
+++ b/static/projects/airflow/CVE-2023-46288.cve.json
@@ -0,0 +1,107 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Sensitive parameters exposed in API when \"non-sensitive-only\" configuration is set",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Airflow",
+ "collectionURL": "https://pypi.python.org/",
+ "packageName": "apache-airflow",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.4.0",
+ "lessThan": "2.7.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config\u00a0option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config\u00a0to non-sensitive-only\u00a0configuration. This is a different error than CVE-2023-45348\u00a0which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes\u00a0CVE-2023-45348.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.<p>This issue affects Apache Airflow from 2.4.0 to 2.7.0.</p><p>Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the <code>expose_config</code> option is set to <code>non-sensitive-only</code>. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set <code>expose_config</code> to <code>non-sensitive-only</code> configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).</p><p>Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/airflow/pull/32261",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "id_No2015429 of 3H Secruity Team",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Lee, Wei",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Lee, Wei",
+ "type": "remediation developer"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46288",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/airflow/CVE-2023-47037.cve.json b/static/projects/airflow/CVE-2023-47037.cve.json
new file mode 100644
index 0000000..fdb786e
--- /dev/null
+++ b/static/projects/airflow/CVE-2023-47037.cve.json
@@ -0,0 +1,102 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-863 Incorrect Authorization",
+ "lang": "en",
+ "cweId": "CWE-863",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Airflow",
+ "collectionURL": "https://pypi.python.org",
+ "packageName": "apache-airflow",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "2.7.3",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. </span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. </span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Users should upgrade to version 2.7.3 or later which has removed the vulnerability.</span><br></p><br><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/airflow/pull/33413",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tareq Ahamed from Hackerone",
+ "type": "reporter"
+ },
+ {
+ "lang": "en",
+ "value": " Augusto Hidalgo",
+ "type": "remediation developer"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-47037",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/allura/CVE-2023-46851.cve.json b/static/projects/allura/CVE-2023-46851.cve.json
new file mode 100644
index 0000000..73d7d2b
--- /dev/null
+++ b/static/projects/allura/CVE-2023-46851.cve.json
@@ -0,0 +1,115 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "sensitive information exposure via import",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-20 Improper Input Validation",
+ "lang": "en",
+ "cweId": "CWE-20",
+ "type": "CWE"
+ }
+ ]
+ },
+ {
+ "descriptions": [
+ {
+ "description": "CWE-73 External Control of File Name or Path",
+ "lang": "en",
+ "cweId": "CWE-73",
+ "type": "CWE"
+ }
+ ]
+ },
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Allura",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "1.0.1",
+ "lessThanOrEqual": "1.15.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u00a0 Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\n\nThis issue affects Apache Allura from 1.0.1 through 1.15.0.\n\nUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u00a0 If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<div>Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.<br></div><div><br></div><div>This issue affects Apache Allura from 1.0.1 through 1.15.0.</div><p></p><p>Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.<br></p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://allura.apache.org/posts/2023-allura-1.16.0.html",
+ "tags": [
+ "vendor-advisory"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "critical"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Schiller (Sonar)",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46851",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/arrow/CVE-2023-47248.cve.json b/static/projects/arrow/CVE-2023-47248.cve.json
new file mode 100644
index 0000000..1e4efec
--- /dev/null
+++ b/static/projects/arrow/CVE-2023-47248.cve.json
@@ -0,0 +1,118 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Arbitrary code execution when loading a malicious data file",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-502 Deserialization of Untrusted Data",
+ "lang": "en",
+ "cweId": "CWE-502",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "PyArrow",
+ "collectionURL": "https://pypi.org/",
+ "packageName": "pyarrow",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0.14.0",
+ "lessThanOrEqual": "14.0.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ },
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "PyArrow",
+ "collectionURL": "https://conda-forge.org/",
+ "packageName": "pyarrow",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0.14.0",
+ "lessThanOrEqual": "14.0.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).\n\nThis vulnerability only affects PyArrow, not other Apache Arrow implementations or bindings.\n\nIt is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon.\n\nIf it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<div>Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).</div><div><br></div><div>This vulnerability only affects PyArrow, not other Apache Arrow implementations or bindings.<br></div><div><br></div><div>It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon.<br></div><div><br></div><div>If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See <a target=\"_blank\" rel=\"nofollow\" href=\"https://pypi.org/project/pyarrow-hotfix/\">https://pypi.org/project/pyarrow-hotfix/</a> for instructions.<br></div><div><br></div>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n",
+ "tags": [
+ "vendor-advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecf",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://pypi.org/project/pyarrow-hotfix/",
+ "tags": [
+ "mitigation"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "critical"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Li Jiakun - laoquanshi",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-47248",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/cocoon/CVE-2022-45135.cve.json b/static/projects/cocoon/CVE-2022-45135.cve.json
new file mode 100644
index 0000000..f9ef4b3
--- /dev/null
+++ b/static/projects/cocoon/CVE-2022-45135.cve.json
@@ -0,0 +1,89 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "SQL injection in DatabaseCookieAuthenticatorAction",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "lang": "en",
+ "cweId": "CWE-89",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Cocoon",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.2.0",
+ "lessThan": "2.3.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.<p>This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.</p><p>Users are recommended to upgrade to version 2.3.0, which fixes the issue.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/lsvd1hmr2t2q823x21d5ygzgbj9jpvjp",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "moderate"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "QSec-Team",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2022-45135",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/cocoon/CVE-2023-49733.cve.json b/static/projects/cocoon/CVE-2023-49733.cve.json
new file mode 100644
index 0000000..aaf14a5
--- /dev/null
+++ b/static/projects/cocoon/CVE-2023-49733.cve.json
@@ -0,0 +1,82 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Apache Cocoon's StreamGenerator is vulnerable to XXE injection",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-611 Improper Restriction of XML External Entity Reference",
+ "lang": "en",
+ "cweId": "CWE-611",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Cocoon",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.2.0",
+ "lessThan": "2.3.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.<p>This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.</p><p>Users are recommended to upgrade to version 2.3.0, which fixes the issue.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/t87nntzt6dxw354zbqr9k7l7o1x8gq11",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "important"
+ }
+ }
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-49733",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/db/CVE-2022-46337.cve.json b/static/projects/db/CVE-2022-46337.cve.json
new file mode 100644
index 0000000..6c05fd6
--- /dev/null
+++ b/static/projects/db/CVE-2022-46337.cve.json
@@ -0,0 +1,92 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "LDAP injection vulnerability in authenticator",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "LDAP Injection",
+ "lang": "en"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "DERBY-7147"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Derby",
+ "collectionURL": "https://repo1.maven.org/maven2",
+ "packageName": "org.apache.derby",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "10.1.1.0",
+ "lessThanOrEqual": "10.16.1.1",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "A cleverly devised username might bypass LDAP authentication checks. In \nLDAP-authenticated Derby installations, this could let an attacker fill \nup the disk by creating junk Derby databases. In LDAP-authenticated \nDerby installations, this could also allow the attacker to execute \nmalware which was visible to and executable by the account which booted \nthe Derby server. In LDAP-protected databases which weren't also \nprotected by SQL GRANT/REVOKE authorization, this vulnerability could \nalso let an attacker view and corrupt sensitive data and run sensitive \ndatabase functions and procedures.\n\nMitigation:\n\nUsers should upgrade to Java 21 and Derby 10.17.1.0.\n\nAlternatively, users who wish to remain on older Java versions should \nbuild their own Derby distribution from one of the release families to \nwhich the fix was backported: 10.16, 10.15, and 10.14. Those are the \nreleases which correspond, respectively, with Java LTS versions 17, 11, \nand 8.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "A cleverly devised username might bypass LDAP authentication checks. In \nLDAP-authenticated Derby installations, this could let an attacker fill \nup the disk by creating junk Derby databases. In LDAP-authenticated \nDerby installations, this could also allow the attacker to execute \nmalware which was visible to and executable by the account which booted \nthe Derby server. In LDAP-protected databases which weren't also \nprotected by SQL GRANT/REVOKE authorization, this vulnerability could \nalso let an attacker view and corrupt sensitive data and run sensitive \ndatabase functions and procedures.\n<br>\n<br>Mitigation:\n<br>Users should upgrade to Java 21 and Derby 10.17.1.0.\n<br>Alternatively, users who wish to remain on older Java versions should \nbuild their own Derby distribution from one of the release families to \nwhich the fix was backported: 10.16, 10.15, and 10.14. Those are the \nreleases which correspond, respectively, with Java LTS versions 17, 11, \nand 8.\n<br>\n<br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by \ufeff4ra1n and Y4tacker, who also proposed the fix.",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2022-46337",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/dolphinscheduler/CVE-2023-48796.cve.json b/static/projects/dolphinscheduler/CVE-2023-48796.cve.json
new file mode 100644
index 0000000..aa824ff
--- /dev/null
+++ b/static/projects/dolphinscheduler/CVE-2023-48796.cve.json
@@ -0,0 +1,82 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Apache dolphinscheduler sensitive information disclosure",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache DolphinScheduler",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.0.0",
+ "lessThan": "3.0.2",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.\n\nThe information exposed to unauthorized actors may include sensitive data such as database credentials.\n\nUsers who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file\n\n```\nmanagement:\n\u00a0 endpoints:\n\u00a0 \u00a0 web:\n\u00a0 \u00a0 \u00a0 exposure:\n\u00a0 \u00a0 \u00a0 \u00a0 include: health,metrics,prometheus\n```\n\nThis issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.<br><br>The information exposed to unauthorized actors may include sensitive data such as database credentials.<br><br>Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file<br><br><br>```<br>management:<br> endpoints:<br> web:<br> exposure:<br> include: health,metrics,prometheus<br>```<br><p><br></p><p>This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2.</p><p>Users are recommended to upgrade to version 3.0.2, which fixes the issue.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "important"
+ }
+ }
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-48796",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/dolphinscheduler/CVE-2023-49068.cve.json b/static/projects/dolphinscheduler/CVE-2023-49068.cve.json
new file mode 100644
index 0000000..5084dc3
--- /dev/null
+++ b/static/projects/dolphinscheduler/CVE-2023-49068.cve.json
@@ -0,0 +1,95 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Information Leakage Vulnerability",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache DolphinScheduler",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.2.1",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.<p>This issue affects Apache DolphinScheduler: before 3.2.1.<br></p><p>Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.<br></p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/dolphinscheduler/pull/15192",
+ "tags": [
+ "issue-tracking"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "important"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Y4tacker and 4ra1n from Y4secTeam",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-49068",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/dolphinscheduler/CVE-2023-49620.cve.json b/static/projects/dolphinscheduler/CVE-2023-49620.cve.json
new file mode 100644
index 0000000..8df2c07
--- /dev/null
+++ b/static/projects/dolphinscheduler/CVE-2023-49620.cve.json
@@ -0,0 +1,95 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Authenticated users could delete UDFs in resource center they were not authorized for",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-862 Missing Authorization",
+ "lang": "en",
+ "cweId": "CWE-862",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache DolphinScheduler",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.0.0",
+ "lessThan": "3.1.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with\u00a0unauthorized\u00a0access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this\u00a0vulnerability",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/dolphinscheduler/pull/10307",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "moderate"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Yuanheng Lab of zhongfu",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-49620",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/hadoop/CVE-2023-26031.cve.json b/static/projects/hadoop/CVE-2023-26031.cve.json
new file mode 100644
index 0000000..7c746f0
--- /dev/null
+++ b/static/projects/hadoop/CVE-2023-26031.cve.json
@@ -0,0 +1,140 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-426 Untrusted Search Path",
+ "lang": "en",
+ "cweId": "CWE-426",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "YARN-11441"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Hadoop",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.3.1",
+ "lessThan": "3.3.5",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.\n\nHadoop 3.3.0 updated the \" YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html \" to add a feature for executing user-submitted applications in isolated linux containers.\n\nThe native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.\n\nThe patch \" YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable\" modified the library loading path for loading .so files from \"$ORIGIN/\" to \"\"$ORIGIN/:../lib/native/\". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.\nIf the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.\n\nThe fix for the vulnerability is to revert the change, which is done in YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , \"Revert YARN-10495\". This patch is in hadoop-3.3.5.\n\nTo determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path \"./lib/native/\" then it is at risk\n\n$ readelf -d container-executor|grep 'RUNPATH\\|RPATH' \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/:../lib/native/]\n\nIf it does not, then it is safe:\n\n$ readelf -d container-executor|grep 'RUNPATH\\|RPATH' \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/]\n\nFor an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set\n\n$ ls -laF /opt/hadoop/bin/container-executor\n---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nA safe installation lacks the suid bit; ideally is also not owned by root.\n\n$ ls -laF /opt/hadoop/bin/container-executor\n-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<br>Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.<br><br>Hadoop 3.3.0 updated the \"<a target=\"_blank\" rel=\"nofollow\" href=\"https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html\">YARN Secure Containers</a>\" to add a feature for executing user-submitted applications in isolated linux containers.<br><br>The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.<br><br>The patch \"<a target=\"_blank\" rel=\"nofollow\" href=\"https://issues.apache.org/jira/browse/YARN-10495\">YARN-10495</a>. make the rpath of container-executor configurable\" modified the library loading path for loading .so files from \"$ORIGIN/\" to \"\"$ORIGIN/:../lib/native/\". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.<br>If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.<br><br>The fix for the vulnerability is to revert the change, which is done in <a target=\"_blank\" rel=\"nofollow\" href=\"https://issues.apache.org/jira/browse/YARN-11441\">YARN-11441</a>, \"Revert YARN-10495\". This patch is in hadoop-3.3.5.<br><br>To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path \"./lib/native/\" then it is at risk<br><br><tt>$ readelf -d container-executor|grep <span style=\"background-color: rgb(255, 255, 255);\">'RUNPATH\\|RPATH'</span> <br>0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/:../lib/native/]</tt><br><br>If it does not, then it is safe:<br><br><tt>$ readelf -d container-executor|grep <span style=\"background-color: rgb(255, 255, 255);\">'RUNPATH\\|RPATH'</span> <br>0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/]</tt><br><br>For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set<br><tt><br>$ ls -laF /opt/hadoop/bin/container-executor<br>---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor</tt><br><br>A safe installation lacks the suid bit; ideally is also not owned by root.<br><br><tt>$ ls -laF /opt/hadoop/bin/container-executor<br>-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor</tt><br><br>This configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.<br><br><br><br><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://issues.apache.org/jira/browse/YARN-11441",
+ "tags": [
+ "issue-tracking"
+ ]
+ },
+ {
+ "url": "https://hadoop.apache.org/cve_list.html",
+ "tags": [
+ "vendor-advisory"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "critical"
+ }
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "lang": "en",
+ "value": "The owner of the\u00a0container-executor binary must be set to \"root\" and suid set bit such that callers would execute the binary as root. These operations are a requirement for \"YARN Secure Containers\".\n \nIn an installation using the hadoop.tar.gz file the binary's owner is that of the installing user, and without the suid permission is not at risk. \n\nHowever, Apache BIgtop installations set the owner and permissions such that installations may be vulnerable\n\nThe container-executor\u00a0binary is only vulnerable on some Hadoop/Bigtop releases. It is possible to verify whether a version is vulnerable using the readelf command.",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "The owner of the container-executor binary must be set to \"root\" and suid set bit such that callers would execute the binary as root. These operations are a requirement for \"YARN Secure Containers\".<br> <br>In an installation using the hadoop.tar.gz file the binary's owner is that of the installing user, and without the suid permission is not at risk. <br><br>However, Apache BIgtop installations set the owner and permissions such that installations may be vulnerable<br><br>The container-executor binary is only vulnerable on some Hadoop/Bigtop releases. It is possible to verify whether a version is vulnerable using the readelf command."
+ }
+ ]
+ }
+ ],
+ "workarounds": [
+ {
+ "lang": "en",
+ "value": " * Upgrade to Apache Hadoop 3.3.5\n * If\u00a0Yarn Secure Containers are not required, remove all execute permissions on bin/container-executor ; change its owner from root, or simply delete it.\n * If Yarn Secure Containers are required on a vulnerable release and upgrade is not possible, replace the container-executor\u00a0binary with that of the 3.3.5 release.\n\nAs most Hadoop installations do not use Yarn Secure Containers, removing execute permissions from the container-executor binary a is sufficient to secure the systems; deletion ensures that no security scanners will report the issue.",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<ol><li><span style=\"background-color: var(--wht);\">Upgrade to Apache Hadoop 3.3.5</span></li><li><span style=\"background-color: var(--wht);\">If Yarn Secure Containers are not required, remove all execute permissions on bin/container-executor ; change its owner from root, or simply delete it.</span></li><li><span style=\"background-color: var(--wht);\">If Yarn Secure Containers are required on a vulnerable release and upgrade is not possible, replace the container-executor binary with that of the 3.3.5 release.</span><br></li></ol>As most Hadoop installations do not use Yarn Secure Containers, removing execute permissions from the container-executor binary a is sufficient to secure the systems; deletion ensures that no security scanners will report the issue."
+ }
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Esa Hiltunen",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Mikko Kortelainen",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "The Teragrep Project",
+ "type": "sponsor"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-26031",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/httpd/CVE-2023-31122.cve.json b/static/projects/httpd/CVE-2023-31122.cve.json
new file mode 100644
index 0000000..276cc8a
--- /dev/null
+++ b/static/projects/httpd/CVE-2023-31122.cve.json
@@ -0,0 +1,96 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "mod_macro buffer over-read",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-125 Out-of-bounds Read",
+ "lang": "en",
+ "cweId": "CWE-125",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache HTTP Server",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThanOrEqual": "2.4.57",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.<p>This issue affects Apache HTTP Server: through 2.4.57.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "timeline": [
+ {
+ "time": "2023-04-04T00:00:00.000Z",
+ "lang": "en",
+ "value": "Reported to security team"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "David Shoon (github/davidshoon)",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-31122",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/httpd/CVE-2023-43622.cve.json b/static/projects/httpd/CVE-2023-43622.cve.json
new file mode 100644
index 0000000..48c2a4a
--- /dev/null
+++ b/static/projects/httpd/CVE-2023-43622.cve.json
@@ -0,0 +1,111 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "DoS in HTTP/2 with initial windows size 0",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-400 Uncontrolled Resource Consumption",
+ "lang": "en",
+ "cweId": "CWE-400",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache HTTP Server",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.4.55",
+ "lessThanOrEqual": "2.4.57",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.<br><p>This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.</p><p>This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.</p><p>Users are recommended to upgrade to version 2.4.58, which fixes the issue.</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "timeline": [
+ {
+ "time": "2023-09-15T09:51:00.000Z",
+ "lang": "en",
+ "value": "reported"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Prof. Sven Dietrich (City University of New York)",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Isa Jafarov (City University of New York)",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Prof. Heejo Lee (Korea University)",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "Choongin Lee (Korea University)",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-43622",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/httpd/CVE-2023-45802.cve.json b/static/projects/httpd/CVE-2023-45802.cve.json
new file mode 100644
index 0000000..0f9a7df
--- /dev/null
+++ b/static/projects/httpd/CVE-2023-45802.cve.json
@@ -0,0 +1,101 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "HTTP/2 stream memory not reclaimed right away on RST",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-400 Uncontrolled Resource Consumption",
+ "lang": "en",
+ "cweId": "CWE-400",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache HTTP Server",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.4.17",
+ "lessThanOrEqual": "2.4.57",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\n\nThis was found by the reporter during testing of\u00a0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.<br><br>This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.<br><br>Users are recommended to upgrade to version 2.4.58, which fixes the issue.<br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "moderate"
+ }
+ }
+ }
+ ],
+ "timeline": [
+ {
+ "time": "2023-10-12T11:47:00.000Z",
+ "lang": "en",
+ "value": "reported"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Will Dormann of Vul Labs",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "David Warren of Vul Labs",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-45802",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/inlong/CVE-2023-46227.cve.json b/static/projects/inlong/CVE-2023-46227.cve.json
new file mode 100644
index 0000000..4e4931b
--- /dev/null
+++ b/static/projects/inlong/CVE-2023-46227.cve.json
@@ -0,0 +1,94 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Apache inlong has an Arbitrary File Read Vulnerability",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-502 Deserialization of Untrusted Data",
+ "lang": "en",
+ "cweId": "CWE-502",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache InLong",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "1.4.0",
+ "lessThanOrEqual": "1.8.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "\nDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.\n\nThis issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \\t to bypass.\u00a0Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8814 \n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\nDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.\n\n</span><p>This issue affects Apache InLong: from 1.4.0 through 1.8.0, the a<span style=\"background-color: rgb(255, 255, 255);\">ttacker can use \\t to bypass. </span>Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.</p><p><span style=\"background-color: rgb(255, 255, 255);\">[1] </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/8814\"></a><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/8814\">https://github.com/apache/inlong/pull/8814</a></p>\n\n"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "important"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Snakinya",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "s3gundo",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46227",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/nifi/CVE-2023-49145.cve.json b/static/projects/nifi/CVE-2023-49145.cve.json
new file mode 100644
index 0000000..0554793
--- /dev/null
+++ b/static/projects/nifi/CVE-2023-49145.cve.json
@@ -0,0 +1,131 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Improper Neutralization of Input in Advanced User Interface for Jolt",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "lang": "en",
+ "cweId": "CWE-79",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "NIFI-12403"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache NiFi",
+ "packageName": "org.apache.nifi:nifi-jolt-transform-json-ui",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0.7.0",
+ "lessThanOrEqual": "1.23.2",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary\nJavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary\nJavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation."
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nifi.apache.org/security.html#CVE-2023-49145",
+ "tags": [
+ "release-notes"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseSeverity": "HIGH",
+ "baseScore": 7.9,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"
+ }
+ }
+ ],
+ "timeline": [
+ {
+ "time": "2023-11-22T17:00:00.000Z",
+ "lang": "en",
+ "value": "reported"
+ },
+ {
+ "time": "2023-11-22T18:00:00.000Z",
+ "lang": "en",
+ "value": "confirmed"
+ },
+ {
+ "time": "2023-11-22T20:00:00.000Z",
+ "lang": "en",
+ "value": "resolved"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dr. Oliver Matula, DB Systel GmbH",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-49145",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/ofbiz/CVE-2023-46819.cve.json b/static/projects/ofbiz/CVE-2023-46819.cve.json
new file mode 100644
index 0000000..346c715
--- /dev/null
+++ b/static/projects/ofbiz/CVE-2023-46819.cve.json
@@ -0,0 +1,107 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Execution of Solr plugin queries without authentication",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-306 Missing Authentication for Critical Function",
+ "lang": "en",
+ "cweId": "CWE-306",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache OFBiz",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "18.12.09",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.\nThis issue affects Apache OFBiz: before 18.12.09.\u00a0\n\nUsers are recommended to upgrade to version 18.12.09\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.<br><p>This issue affects Apache OFBiz: before 18.12.09. \n\n<span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to version 18.12.09</span></p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://ofbiz.apache.org/download.html",
+ "tags": [
+ "mitigation"
+ ]
+ },
+ {
+ "url": "https://ofbiz.apache.org/security.html",
+ "tags": [
+ "related"
+ ]
+ },
+ {
+ "url": "https://ofbiz.apache.org/release-notes-18.12.09.html",
+ "tags": [
+ "release-notes"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "moderate"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Anonymous by demand",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46819",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/santuario/CVE-2023-44483.cve.json b/static/projects/santuario/CVE-2023-44483.cve.json
new file mode 100644
index 0000000..42ee437
--- /dev/null
+++ b/static/projects/santuario/CVE-2023-44483.cve.json
@@ -0,0 +1,101 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Private Key disclosure in debug-log output",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-532 Insertion of Sensitive Information into Log File",
+ "lang": "en",
+ "cweId": "CWE-532",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Santuario",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.2",
+ "lessThan": "2.2.6",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "2.3",
+ "lessThan": "2.3.4",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "3.0",
+ "lessThan": "3.0.3",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.<br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "moderate"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Apache Santuario would like to thank Max Fichtelmann for reporting this issue.",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-44483",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/shenyu/CVE-2023-25753.cve.json b/static/projects/shenyu/CVE-2023-25753.cve.json
new file mode 100644
index 0000000..889c726
--- /dev/null
+++ b/static/projects/shenyu/CVE-2023-25753.cve.json
@@ -0,0 +1,89 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Server-Side Request Forgery in Apache ShenYu",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-918 Server-Side Request Forgery (SSRF)",
+ "lang": "en",
+ "cweId": "CWE-918",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache ShenYu",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThanOrEqual": "2.5.1",
+ "versionType": "maven"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch\u00a0 https://github.com/apache/shenyu/pull/4776 \u00a0.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "\n\n<p>There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.</p><p>Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.</p><p>\n\n</p><p>This issue affects Apache ShenYu: 2.5.1.</p><p>Upgrade to Apache ShenYu 2.6.0 or apply patch <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/shenyu/pull/4776\">https://github.com/apache/shenyu/pull/4776</a> .</p><p></p>\n\n"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "by3",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-25753",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/storm/CVE-2023-43123.cve.json b/static/projects/storm/CVE-2023-43123.cve.json
new file mode 100644
index 0000000..2e53e75
--- /dev/null
+++ b/static/projects/storm/CVE-2023-43123.cve.json
@@ -0,0 +1,91 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Storm",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "storm-core",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.0.0",
+ "lessThan": "2.6.0",
+ "versionType": "maven"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.\n\nThe method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.\n\nFile.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. \n\nThis affects the class\u00a0 https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 \u00a0and was introduced by\u00a0 https://issues.apache.org/jira/browse/STORM-3123 \n\nIn practice, this has a very limited impact as this class is used only if\u00a0ui.disable.spout.lag.monitoring\n\n is set to false, but its value is true by default.\nMoreover, the temporary file gets deleted soon after its creation.\n\nThe solution is to use\u00a0 Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) \u00a0instead.\n\nWe recommend that all users upgrade to the latest version of Apache Storm.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<div>On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.<br><br>The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.<br></div><div><br></div><div>File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. <br><br>This affects the class <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99\">https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99</a> and was introduced by <a target=\"_blank\" rel=\"nofollow\" href=\"https://issues.apache.org/jira/browse/STORM-3123\">https://issues.apache.org/jira/browse/STORM-3123</a><br></div><div><br>In practice, this has a very limited impact as this class is used only if <span style=\"background-color: rgb(206, 204, 247);\">ui.disable.spout.lag.monitoring</span></div> <div><span style=\"background-color: var(--wht);\">is set to false, but its value is true by default.<br>Moreover, the temporary file gets deleted soon after its creation.<br><br>The solution is to use </span><span style=\"background-color: var(--hig);\"><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...)\">Files.createTempFile</a></span><span style=\"background-color: var(--wht);\"> instead.<br><br>We recommend that all users upgrade to the latest version of Apache Storm.</span></div><div><span style=\"background-color: var(--wht);\"><br></span></div><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "low"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Andrea Cosentino from Apache Software Foundation",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-43123",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/submarine/CVE-2023-37924.cve.json b/static/projects/submarine/CVE-2023-37924.cve.json
new file mode 100644
index 0000000..dd42ee5
--- /dev/null
+++ b/static/projects/submarine/CVE-2023-37924.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "SQL injection from unauthorized login",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "lang": "en",
+ "cweId": "CWE-89",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "SUBMARINE-1361"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Submarine",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0.7.0",
+ "lessThan": "0.8.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.\nNow we have fixed this issue and now user must have the correct login to access workbench.\nThis issue affects Apache Submarine: from 0.7.0 before 0.8.0.\u00a0We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.\nIf using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.<br><span style=\"background-color: rgb(255, 255, 255);\">Now we have fixed this issue and now user must have the correct login to access workbench.</span><br><p>This issue affects Apache Submarine: from 0.7.0 before 0.8.0. <span style=\"background-color: rgb(255, 255, 255);\">We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.</span><span style=\"background-color: rgb(255, 255, 255);\"><br><span style=\"background-color: rgb(255, 255, 255);\">If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/submarine/pull/1054\">https://github.com/apache/submarine/pull/1037</a> and rebuild the submarine-server image to fix this.</span><br></span></p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://issues.apache.org/jira/browse/SUBMARINE-1361",
+ "tags": [
+ "issue-tracking"
+ ]
+ },
+ {
+ "url": "https://github.com/apache/submarine/pull/1037",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "critical"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lengjingqicai(\u68f1\u955c\u4e03\u5f69\u5f00\u6e90\u5b89\u5168\u7814\u7a76\u9662)",
+ "type": "reporter"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-37924",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/submarine/CVE-2023-46302.cve.json b/static/projects/submarine/CVE-2023-46302.cve.json
new file mode 100644
index 0000000..1907b5a
--- /dev/null
+++ b/static/projects/submarine/CVE-2023-46302.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Fix CVE-2022-1471 SnakeYaml unsafe deserialization",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-502 Deserialization of Untrusted Data",
+ "lang": "en",
+ "cweId": "CWE-502",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "defect": [
+ "SUBMARINE-1371"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Submarine",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0.7.0",
+ "lessThan": "0.8.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 .\n\nApache Submarine uses JAXRS to define REST endpoints. In order to\nhandle YAML requests (using application/yaml content-type), it defines\na YamlEntityProvider entity provider that will process all incoming\nYAML requests. In order to unmarshal the request, the readFrom method\nis invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`.\n \nWe have now fixed this issue in the new version by replacing to `jackson-dataformat-yaml`.\nThis issue affects Apache Submarine: from 0.7.0 before 0.8.0.\u00a0Users are recommended to upgrade to version 0.8.0, which fixes this issue.\nIf using the version smaller than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1054 and rebuild the submart-server image to fix this.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml <a target=\"_blank\" rel=\"nofollow\" href=\"https://nvd.nist.gov/vuln/detail/CVE-2022-1471\">https://nvd.nist.gov/vuln/detail/CVE-2022-1471</a>.<br><br>Apache Submarine uses JAXRS to define REST endpoints. In order to\nhandle YAML requests (using application/yaml content-type), it defines\na YamlEntityProvider entity provider that will process all incoming\nYAML requests. In order to unmarshal the request, the readFrom method\nis invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`.<br> <br>We have now fixed this issue in the new version by replacing to `jackson-dataformat-yaml`.<br>This issue affects Apache Submarine: from 0.7.0 before 0.8.0. <span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to version 0.8.0, which fixes this issue.<br><span style=\"background-color: rgb(255, 255, 255);\">If using the version smaller than 0.8.0 and not want to upgrade, you can try cherry-pick PR <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/submarine/pull/1054\">https://github.com/apache/submarine/pull/1054</a> and rebuild the submart-server image to fix this.</span><br><br></span><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://issues.apache.org/jira/browse/SUBMARINE-1371",
+ "tags": [
+ "issue-tracking"
+ ]
+ },
+ {
+ "url": "https://github.com/apache/submarine/pull/1054",
+ "tags": [
+ "patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/zf0wppzh239j4h131hm1dbswfnztxrr5",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "critical"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "GHSL team member @jorgectf (Jorge Rosillo)",
+ "type": "reporter"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46302",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/superset/CVE-2023-40610.cve.json b/static/projects/superset/CVE-2023-40610.cve.json
new file mode 100644
index 0000000..53a5b3b
--- /dev/null
+++ b/static/projects/superset/CVE-2023-40610.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Privilege escalation with default examples database",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-863 Incorrect Authorization",
+ "lang": "en",
+ "cweId": "CWE-863",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Superset",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "2.1.2",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Improper authorization check and possible privilege escalation on Apache Superset\u00a0up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.<br><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "LEXFO for Orange Innovation and Orange CERT-CC at Orange group",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-40610",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/superset/CVE-2023-42501.cve.json b/static/projects/superset/CVE-2023-42501.cve.json
new file mode 100644
index 0000000..6736b5e
--- /dev/null
+++ b/static/projects/superset/CVE-2023-42501.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Unnecessary read permissions within the Gamma role",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-276 Incorrect Default Permissions",
+ "lang": "en",
+ "cweId": "CWE-276",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Superset",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "2.1.2",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.<br>This issue affects Apache Superset: before 2.1.2.<br>Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.<br><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Miguel Segovia Gil",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-42501",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/superset/CVE-2023-42502.cve.json b/static/projects/superset/CVE-2023-42502.cve.json
new file mode 100644
index 0000000..132d6e1
--- /dev/null
+++ b/static/projects/superset/CVE-2023-42502.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Open Redirect Vulnerability",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
+ "lang": "en",
+ "cweId": "CWE-601",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Superset",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.0.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the <span style=\"background-color: rgb(255, 255, 255);\">HTTP Host header</span>, users could be redirected to this site when clicking on that specific dataset. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset versions before 3.0.0.</span><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 4.8,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Amit Laish \u2013 GE Vernova",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-42502",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/superset/CVE-2023-42504.cve.json b/static/projects/superset/CVE-2023-42504.cve.json
new file mode 100644
index 0000000..ddaf436
--- /dev/null
+++ b/static/projects/superset/CVE-2023-42504.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Lack of rate limiting allows for possible denial of service",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
+ "lang": "en",
+ "cweId": "CWE-770",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Superset",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.0.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<p>An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.</p><p>This issue affects Apache Superset: before 3.0.0</p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseSeverity": "HIGH",
+ "baseScore": 7.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Amit Laish \u2013 GE Vernova",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-42504",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/superset/CVE-2023-42505.cve.json b/static/projects/superset/CVE-2023-42505.cve.json
new file mode 100644
index 0000000..2bb67d9
--- /dev/null
+++ b/static/projects/superset/CVE-2023-42505.cve.json
@@ -0,0 +1,104 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Sensitive information disclosure on db connection details",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "lang": "en",
+ "cweId": "CWE-200",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Superset",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.0.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.\n\nThis issue affects Apache Superset before 3.0.0.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "<p>An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.<br><br></p><p>This issue affects Apache Superset before 3.0.0.<br></p>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": " Leonel John Erik Angel Torres",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-42505",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/tomcat/CVE-2023-46589.cve.json b/static/projects/tomcat/CVE-2023-46589.cve.json
new file mode 100644
index 0000000..ca4a6bb
--- /dev/null
+++ b/static/projects/tomcat/CVE-2023-46589.cve.json
@@ -0,0 +1,107 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "HTTP request smuggling via malformed trailer headers",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-20 Improper Input Validation",
+ "lang": "en",
+ "cweId": "CWE-20",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache Tomcat",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "11.0.0-M1",
+ "lessThanOrEqual": "11.0.0-M10",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "10.1.0-M1",
+ "lessThanOrEqual": "10.1.15",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "9.0.0-M1",
+ "lessThanOrEqual": "9.0.82",
+ "versionType": "semver"
+ },
+ {
+ "status": "affected",
+ "version": "8.5.0",
+ "lessThanOrEqual": "8.5.95",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M11\u00a0onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Improper Input Validation vulnerability in Apache Tomcat.<p>Tomcat <span style=\"background-color: rgb(255, 255, 255);\">from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95</span> did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.<br></p><p><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.</span></p><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "important"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Norihito Aimoto (OSSTech Corporation) ",
+ "type": "finder"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-46589",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
diff --git a/static/projects/uima/CVE-2023-39913.cve.json b/static/projects/uima/CVE-2023-39913.cve.json
new file mode 100644
index 0000000..d14c9c7
--- /dev/null
+++ b/static/projects/uima/CVE-2023-39913.cve.json
@@ -0,0 +1,146 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ },
+ "title": "Potential untrusted code execution when deserializing certain binary CAS formats",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-502 Deserialization of Untrusted Data",
+ "lang": "en",
+ "cweId": "CWE-502",
+ "type": "CWE"
+ }
+ ]
+ },
+ {
+ "descriptions": [
+ {
+ "description": "CWE-20 Improper Input Validation",
+ "lang": "en",
+ "cweId": "CWE-20",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affected": [
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache UIMA Java SDK Core",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.uima:uimaj-core",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.5.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ },
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache UIMA Java SDK CPE",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.uima:uimaj-cpe",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.5.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ },
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache UIMA Java SDK Vinci adapter",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.uima:uimaj-adapter-vinci",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.5.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ },
+ {
+ "vendor": "Apache Software Foundation",
+ "product": "Apache UIMA Java SDK tools",
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "packageName": "org.apache.uima:uimaj-tools",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0",
+ "lessThan": "3.5.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "value": "Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0.\n\nUsers are recommended to upgrade to version 3.5.0, which fixes the issue.\n\nThere are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:\n * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class;\n * the CAS Editor Eclipse plugin which uses the\u00a0the CasIOUtils class to load data;\n * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections;\n * the CasAnnotationViewerApplet and the CasTreeViewerApplet;\n * the checkpointing feature of the CPE module.\n\nNote that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object.\n\nWhen using Vinci or using CasIOUtils in own services/applications,\u00a0the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.\n\nAs a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 \u00a0and\u00a0 https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. \n\nNote that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue.\n\nTo mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the \"jdk.serialFilter\" system property using a semicolon as a separator:\n\nTo allow deserializing Java-serialized binary CASes, add the classes:\n * org.apache.uima.cas.impl.CASCompleteSerializer\n * org.apache.uima.cas.impl.CASMgrSerializer\n * org.apache.uima.cas.impl.CASSerializer\n * java.lang.String\n\nTo allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):\n * org.apache.uima.collection.impl.cpm.CheckpointData\n * org.apache.uima.util.ProcessTrace\n * org.apache.uima.util.impl.ProcessTrace_impl\n * org.apache.uima.collection.base_cpm.SynchPoint\n\nMake sure to use \"!*\" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern.\n\nApache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.\n\n",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.<p>This issue affects Apache UIMA Java SDK: before 3.5.0.</p><p>Users are recommended to upgrade to version 3.5.0, which fixes the issue.</p>There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:<br><ul><li><span style=\"background-color: var(--wht);\">the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class;</span></li><li><span style=\"background-color: var(--wht);\">the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data;</span></li><li><span style=\"background-color: var(--wht);\">the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections;</span></li><li><span style=\"background-color: var(--wht);\">the CasAnnotationViewerApplet and the CasTreeViewerApplet;</span></li><li><span style=\"background-color: var(--wht);\">the checkpointing feature of the CPE module.</span></li></ul>Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is <b>not</b> a serialized Java object.<br><br>When using Vinci or using CasIOUtils in own services/applications, <span style=\"background-color: rgb(255, 255, 255);\">the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.</span><br><br>As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. <a target=\"_blank\" rel=\"nofollow\" href=\"https://openjdk.org/jeps/290\">https://openjdk.org/jeps/290</a> and <a target=\"_blank\" rel=\"nofollow\" href=\"https://openjdk.org/jeps/415\">https://openjdk.org/jeps/415</a>) if running UIMA on a Java version that supports it. <br><br>Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue.<br><br>To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the <i>\"jdk.serialFilter\"</i> system property using a semicolon as a separator:<br><br>To allow deserializing Java-serialized binary CASes, add the classes:<br><ul><li><span style=\"background-color: var(--wht);\">org.apache.uima.cas.impl.CASCompleteSerializer</span></li><li>org.apache.uima.cas.impl.CASMgrSerializer</li><li>org.apache.uima.cas.impl.CASSerializer</li><li>java.lang.String</li></ul>To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):<br><ul><li>org.apache.uima.collection.impl.cpm.CheckpointData</li><li>org.apache.uima.util.ProcessTrace</li><li>org.apache.uima.util.impl.ProcessTrace_impl</li><li>org.apache.uima.collection.base_cpm.SynchPoint</li></ul>Make sure to use \"!*\" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern.<br><br>Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.<br><br>"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/lw30f4qlq3mhkhpljj16qw4fot3rg7v4",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "other": {
+ "type": "Textual description of severity",
+ "content": {
+ "text": "important"
+ }
+ }
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Huangzhicong from CodeSafe Team of Legendsec at Qi\u2019anxin",
+ "type": "reporter"
+ }
+ ],
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "cveId": "CVE-2023-39913",
+ "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
\ No newline at end of file
