Update 20241022115041 (#648)

feat: Updated at 20241022115041

Signed-off-by: bitnami-bot <bitnami-bot@vmware.com>
Bitnami Bot 2024-10-22 14:24:26 +02:00 committed by GitHub
parent 27af8640ef
commit e89b6be9b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 538 additions and 0 deletions


@ -0,0 +1,80 @@
{
"schema_version": "1.5.0",
"id": "BIT-haproxy-2024-49214",
"details": "QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.",
"aliases": [
"CVE-2024-49214"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "haproxy",
"purl": "pkg:bitnami/haproxy"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.5"
},
{
"introduced": "0"
},
{
"fixed": "2.9.11"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46"
},
{
"type": "WEB",
"url": "https://www.haproxy.org/download/2.9/src/CHANGELOG"
},
{
"type": "WEB",
"url": "https://www.haproxy.org/download/3.0/src/CHANGELOG"
},
{
"type": "WEB",
"url": "https://www.haproxy.org/download/3.1/src/CHANGELOG"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/haproxy%40formilux.org/msg45291.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/haproxy%40formilux.org/msg45314.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/haproxy%40formilux.org/msg45315.html"
}
],
"published": "2024-10-22T11:56:51.321Z",
"modified": "2024-10-22T12:23:25.488Z"
}
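Review bot: The events inside the single SEMVER range are not in ascending version order — the `{"introduced": "3.0.0"}` / `{"fixed": "3.0.5"}` pair comes before `{"introduced": "0"}` / `{"fixed": "2.9.11"}` — which does not change the affected set for a consumer that sorts events first, but makes the range hard to audit by eye; placing the `0` / `2.9.11` pair first reads correctly. The details field states that 3.1.x before 3.1-dev7 is also affected, yet no event covers 3.1, so a 3.1 pre-release build would be reported as unaffected; that is only a gap if the Bitnami haproxy package ever ships 3.1 development builds, which this file does not show. Since the file is bot-generated, the ordering is more likely something to fix in the generator than by hand here.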


@ -0,0 +1,162 @@
{
"schema_version": "1.5.0",
"id": "BIT-python-2023-27043",
"details": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"aliases": [
"CVE-2023-27043"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "python",
"purl": "pkg:bitnami/python"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.20"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.6"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.10"
},
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.15"
},
{
"introduced": "3.9.0"
},
{
"fixed": "3.9.20"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "http://python.org"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/102988"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/"
},
{
"type": "WEB",
"url": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230601-0003/"
}
],
"published": "2024-10-22T12:06:11.918Z",
"modified": "2024-10-22T12:23:25.488Z"
}
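Review bot: The first reference, `"url": "http://python.org"`, is the only plain-HTTP URL in this set of advisories and is also the only one not specific to the issue; a reference in a vulnerability record should use `https://` so a consumer following it is not redirected over an unauthenticated hop. The details text says the bug affects Python "through 3.11.3", while the range events place the fixes at 3.8.20, 3.9.20, 3.10.15, 3.11.10 and 3.12.6; the narrative appears to be the original CVE description and the ranges to reflect later backports, but a reader comparing the two sees a contradiction, so a short `database_specific` note explaining the source of the fixed versions would help. As in the haproxy entry in this commit, the events are not in ascending version order (the `0` / `3.8.20` pair is followed by 3.12, then 3.11, 3.10, 3.9), which is tolerated by sorting consumers but hard to review.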


@ -0,0 +1,80 @@
{
"schema_version": "1.5.0",
"id": "BIT-rails-2024-41128",
"details": "Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.",
"aliases": [
"CVE-2024-41128"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "rails",
"purl": "pkg:bitnami/rails"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.9"
},
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.5"
},
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2024-41128"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj"
}
],
"published": "2024-10-22T12:04:51.520Z",
"modified": "2024-10-22T12:23:25.488Z"
}
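Review bot: The fixed versions in the range events (`"fixed": "7.0.9"`, `"fixed": "7.1.5"`, `"fixed": "7.2.2"`) do not match the fixed releases named in the details (7.0.8.5, 7.1.4.1, 7.2.1.1), so a patched four-component release such as 7.0.8.5 still falls inside the affected range and would be flagged as vulnerable; if the generator rounds four-part versions up to the next three-part version for SEMVER compatibility, that is a deliberate false-positive trade-off and deserves a `database_specific` note saying so, otherwise the events should carry the exact fixed versions. The range also starts at 7.0.0 while the details say the issue starts at 3.1.0 and is fixed in 6.1.7.9, so no 6.1.x version is represented; that is fine only if Bitnami publishes no 6.1-based rails package, which this file does not show. `"severity": "Unknown"` with no CVSS `severity` array differs from the haproxy and python entries in this commit; the linked GHSA advisory may supply a vector that could fill it in. The same three points apply, with their own start versions, to BIT-rails-2024-47887, BIT-rails-2024-47888 and BIT-rails-2024-47889 in this commit, which use identical range events.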


@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-rails-2024-47887",
"details": "Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.",
"aliases": [
"CVE-2024-47887"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "rails",
"purl": "pkg:bitnami/rails"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.9"
},
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.5"
},
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4"
}
],
"published": "2024-10-22T12:04:42.603Z",
"modified": "2024-10-22T12:23:25.488Z"
}


@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-rails-2024-47888",
"details": "Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.",
"aliases": [
"CVE-2024-47888"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "rails",
"purl": "pkg:bitnami/rails"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.9"
},
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.5"
},
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw"
}
],
"published": "2024-10-22T12:04:35.115Z",
"modified": "2024-10-22T12:23:25.488Z"
}


@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-rails-2024-47889",
"details": "Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.",
"aliases": [
"CVE-2024-47889"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "rails",
"purl": "pkg:bitnami/rails"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.9"
},
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.5"
},
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6"
}
],
"published": "2024-10-22T12:04:26.521Z",
"modified": "2024-10-22T12:23:25.488Z"
}