Update 20241212070339 (#687)

feat: Updated at 20241212070339

Signed-off-by: bitnami-bot <bitnami-bot@vmware.com>
Bitnami Bot 2024-12-12 08:39:44 +01:00 committed by GitHub
parent 874be22646
commit 94e91f9f23
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 92 additions and 418 deletions


@ -12,6 +12,12 @@
"name": "airflow",
"purl": "pkg:bitnami/airflow"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
@ -28,7 +34,7 @@
}
],
"database_specific": {
"severity": "Unknown",
"severity": "Medium",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
@ -48,5 +54,5 @@
}
],
"published": "2024-06-18T07:17:29.631Z",
"modified": "2024-11-27T19:40:48.342Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -12,6 +12,12 @@
"name": "airflow",
"purl": "pkg:bitnami/airflow"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
@ -28,7 +34,7 @@
}
],
"database_specific": {
"severity": "Unknown",
"severity": "High",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
@ -49,5 +55,5 @@
}
],
"published": "2024-03-31T18:16:36.634Z",
"modified": "2024-06-17T07:56:05.360Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -12,6 +12,12 @@
"name": "airflow",
"purl": "pkg:bitnami/airflow"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
@ -28,7 +34,7 @@
}
],
"database_specific": {
"severity": "Unknown",
"severity": "Medium",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
@ -49,5 +55,5 @@
}
],
"published": "2024-05-24T07:15:55.746Z",
"modified": "2024-06-17T07:56:05.360Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -1,118 +0,0 @@
{
"schema_version": "1.5.0",
"id": "BIT-python-2023-6597",
"details": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.",
"aliases": [
"CVE-2023-6597"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "python",
"purl": "pkg:bitnami/python"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.3"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.9"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.14"
},
{
"introduced": "3.9.0"
},
{
"fixed": "3.9.19"
},
{
"introduced": "0"
},
{
"fixed": "3.8.19"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/91133"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
}
],
"published": "2024-03-25T07:27:48.606Z",
"modified": "2024-06-12T07:54:49.981Z"
}


@ -23,22 +23,10 @@
"type": "SEMVER",
"events": [
{
"introduced": "3.12.0"
"introduced": "0"
},
{
"fixed": "3.12.3"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.9"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.14"
"fixed": "3.8.20"
},
{
"introduced": "3.9.0"
@ -47,10 +35,22 @@
"fixed": "3.9.20"
},
{
"introduced": "0"
"introduced": "3.10.0"
},
{
"fixed": "3.8.20"
"fixed": "3.10.14"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.9"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.3"
}
]
}
@ -106,5 +106,5 @@
}
],
"published": "2024-06-20T11:18:14.556Z",
"modified": "2024-10-17T19:39:35.829Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -1,130 +0,0 @@
{
"schema_version": "1.5.0",
"id": "BIT-python-2024-0450",
"details": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.",
"aliases": [
"CVE-2024-0450"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "python",
"purl": "pkg:bitnami/python"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.3"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.9"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.14"
},
{
"introduced": "3.9.0"
},
{
"fixed": "3.9.19"
},
{
"introduced": "0"
},
{
"fixed": "3.8.19"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/109858"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
},
{
"type": "WEB",
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
}
],
"published": "2024-03-25T07:27:39.766Z",
"modified": "2024-06-12T07:54:49.981Z"
}


@ -23,22 +23,10 @@
"type": "SEMVER",
"events": [
{
"introduced": "3.12.0"
"introduced": "0"
},
{
"fixed": "3.12.4"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.15"
"fixed": "3.8.20"
},
{
"introduced": "3.9.0"
@ -47,10 +35,22 @@
"fixed": "3.9.20"
},
{
"introduced": "0"
"introduced": "3.10.0"
},
{
"fixed": "3.8.20"
"fixed": "3.10.15"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.4"
}
]
}
@ -118,5 +118,5 @@
}
],
"published": "2024-06-20T11:17:24.961Z",
"modified": "2024-09-10T07:46:00.844Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -23,22 +23,10 @@
"type": "SEMVER",
"events": [
{
"introduced": "3.12.0"
"introduced": "0"
},
{
"fixed": "3.12.5"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.15"
"fixed": "3.8.20"
},
{
"introduced": "3.9.0"
@ -47,10 +35,22 @@
"fixed": "3.9.20"
},
{
"introduced": "0"
"introduced": "3.10.0"
},
{
"fixed": "3.8.20"
"fixed": "3.10.15"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.5"
}
]
}
@ -114,5 +114,5 @@
}
],
"published": "2024-08-19T09:33:54.548Z",
"modified": "2024-11-27T19:40:48.342Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -17,22 +17,10 @@
"type": "SEMVER",
"events": [
{
"introduced": "3.12.0"
"introduced": "0"
},
{
"fixed": "3.12.6"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.15"
"fixed": "3.8.20"
},
{
"introduced": "3.9.0"
@ -41,10 +29,22 @@
"fixed": "3.9.20"
},
{
"introduced": "0"
"introduced": "3.10.0"
},
{
"fixed": "3.8.20"
"fixed": "3.10.15"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.6"
}
]
}
@ -140,5 +140,5 @@
}
],
"published": "2024-09-16T12:03:43.161Z",
"modified": "2024-11-27T19:40:48.342Z"
"modified": "2024-12-12T07:36:17.144Z"
}


@ -1,96 +0,0 @@
{
"schema_version": "1.5.0",
"id": "BIT-python-2024-9287",
"details": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.",
"aliases": [
"CVE-2024-9287"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "python",
"purl": "pkg:bitnami/python"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "3.13.0"
},
{
"fixed": "3.13.1"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.8"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.11"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.16"
},
{
"introduced": "0"
},
{
"fixed": "3.9.21"
}
]
}
]
}
],
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/124651"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/124712"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
}
],
"published": "2024-10-24T07:17:50.969Z",
"modified": "2024-12-05T07:34:22.895Z"
}