[
|
|
{
|
|
"advisoryKey": "GHSA-77vh-xpmg-72qh",
|
|
"affectedPackages": [
|
|
{
|
|
"type": "semver",
|
|
"identifier": "go:github.com/opencontainers/image-spec",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "1.0.2",
|
|
"introducedVersion": null,
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": "< 1.0.2",
|
|
"exactValue": null,
|
|
"fixed": "1.0.2",
|
|
"fixedInclusive": false,
|
|
"introduced": null,
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "lessThan"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "go",
|
|
"package": "github.com/opencontainers/image-spec"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "go:github.com/opencontainers/image-spec",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4315301+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": "< 1.0.2",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "lt",
|
|
"min": null,
|
|
"minInclusive": null,
|
|
"max": "1.0.2",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:go:github.com/opencontainers/image-spec"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "go:github.com/opencontainers/image-spec",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4315301+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "go:github.com/opencontainers/image-spec",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4315301+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"aliases": [
|
|
"GHSA-77vh-xpmg-72qh"
|
|
],
|
|
"credits": [],
|
|
"cvssMetrics": [],
|
|
"exploitKnown": false,
|
|
"language": "en",
|
|
"modified": "2023-01-09T05:05:32+00:00",
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "document",
|
|
"value": "https://github.com/advisories/GHSA-77vh-xpmg-72qh",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4315294+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
},
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "mapping",
|
|
"value": "GHSA-77vh-xpmg-72qh",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4315301+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
}
|
|
],
|
|
"published": "2021-11-18T16:02:41+00:00",
|
|
"references": [],
|
|
"severity": "low",
|
|
"summary": "Clarify `mediaType` handling",
|
|
"title": "Clarify `mediaType` handling"
|
|
},
|
|
{
|
|
"advisoryKey": "GHSA-7rjr-3q55-vv33",
|
|
"affectedPackages": [
|
|
{
|
|
"type": "semver",
|
|
"identifier": "maven:org.apache.logging.log4j:log4j-core",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "2.16.0",
|
|
"introducedVersion": "2.13.0",
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": ">= 2.13.0, < 2.16.0",
|
|
"exactValue": null,
|
|
"fixed": "2.16.0",
|
|
"fixedInclusive": false,
|
|
"introduced": "2.13.0",
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "range"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "maven",
|
|
"package": "org.apache.logging.log4j:log4j-core"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "maven:org.apache.logging.log4j:log4j-core",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": ">= 2.13.0, < 2.16.0",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "range",
|
|
"min": "2.13.0",
|
|
"minInclusive": true,
|
|
"max": "2.16.0",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:maven:org.apache.logging.log4j:log4j-core"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "maven:org.apache.logging.log4j:log4j-core",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "maven:org.apache.logging.log4j:log4j-core",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "semver",
|
|
"identifier": "maven:org.apache.logging.log4j:log4j-core",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "2.12.2",
|
|
"introducedVersion": null,
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": "< 2.12.2",
|
|
"exactValue": null,
|
|
"fixed": "2.12.2",
|
|
"fixedInclusive": false,
|
|
"introduced": null,
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "lessThan"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "maven",
|
|
"package": "org.apache.logging.log4j:log4j-core"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "maven:org.apache.logging.log4j:log4j-core",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": "< 2.12.2",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "lt",
|
|
"min": null,
|
|
"minInclusive": null,
|
|
"max": "2.12.2",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:maven:org.apache.logging.log4j:log4j-core"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "maven:org.apache.logging.log4j:log4j-core",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "maven:org.apache.logging.log4j:log4j-core",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "semver",
|
|
"identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "1.9.2",
|
|
"introducedVersion": "1.8.0",
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": ">= 1.8.0, < 1.9.2",
|
|
"exactValue": null,
|
|
"fixed": "1.9.2",
|
|
"fixedInclusive": false,
|
|
"introduced": "1.8.0",
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "range"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "maven",
|
|
"package": "org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": ">= 1.8.0, < 1.9.2",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "range",
|
|
"min": "1.8.0",
|
|
"minInclusive": true,
|
|
"max": "1.9.2",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "semver",
|
|
"identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "1.10.8",
|
|
"introducedVersion": "1.10.0",
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": ">= 1.10.0, < 1.10.8",
|
|
"exactValue": null,
|
|
"fixed": "1.10.8",
|
|
"fixedInclusive": false,
|
|
"introduced": "1.10.0",
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "range"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "maven",
|
|
"package": "org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": ">= 1.10.0, < 1.10.8",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "range",
|
|
"min": "1.10.0",
|
|
"minInclusive": true,
|
|
"max": "1.10.8",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "semver",
|
|
"identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "1.11.11",
|
|
"introducedVersion": "1.11.0",
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": ">= 1.11.0, < 1.11.11",
|
|
"exactValue": null,
|
|
"fixed": "1.11.11",
|
|
"fixedInclusive": false,
|
|
"introduced": "1.11.0",
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "range"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "maven",
|
|
"package": "org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": ">= 1.11.0, < 1.11.11",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "range",
|
|
"min": "1.11.0",
|
|
"minInclusive": true,
|
|
"max": "1.11.11",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "semver",
|
|
"identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "2.0.12",
|
|
"introducedVersion": "2.0.0",
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": ">= 2.0.0, < 2.0.12",
|
|
"exactValue": null,
|
|
"fixed": "2.0.12",
|
|
"fixedInclusive": false,
|
|
"introduced": "2.0.0",
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "range"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "maven",
|
|
"package": "org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": ">= 2.0.0, < 2.0.12",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "range",
|
|
"min": "2.0.0",
|
|
"minInclusive": true,
|
|
"max": "2.0.12",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "maven:org.ops4j.pax.logging:pax-logging-log4j2",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"aliases": [
|
|
"GHSA-7rjr-3q55-vv33"
|
|
],
|
|
"credits": [
|
|
{
|
|
"displayName": "afdesk",
|
|
"role": "analyst",
|
|
"contacts": [
|
|
"https://github.com/afdesk"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "afdesk",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"displayName": "mrjonstrong",
|
|
"role": "analyst",
|
|
"contacts": [
|
|
"https://github.com/mrjonstrong"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "mrjonstrong",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"displayName": "ppkarwasz",
|
|
"role": "analyst",
|
|
"contacts": [
|
|
"https://github.com/ppkarwasz"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "ppkarwasz",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"cvssMetrics": [],
|
|
"exploitKnown": false,
|
|
"language": "en",
|
|
"modified": "2025-05-09T12:28:41+00:00",
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "document",
|
|
"value": "https://github.com/advisories/GHSA-7rjr-3q55-vv33",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318432+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
},
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "mapping",
|
|
"value": "GHSA-7rjr-3q55-vv33",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4318439+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
}
|
|
],
|
|
"published": "2021-12-14T18:01:28+00:00",
|
|
"references": [],
|
|
"severity": "critical",
|
|
"summary": "Incomplete fix for Apache Log4j vulnerability",
|
|
"title": "Incomplete fix for Apache Log4j vulnerability"
|
|
},
|
|
{
|
|
"advisoryKey": "GHSA-cjjf-27cc-pvmv",
|
|
"affectedPackages": [
|
|
{
|
|
"type": "semver",
|
|
"identifier": "pip:pyload-ng",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "0.5.0b3.dev91",
|
|
"introducedVersion": null,
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": "< 0.5.0b3.dev91",
|
|
"exactValue": null,
|
|
"fixed": "0.5.0b3.dev91",
|
|
"fixedInclusive": false,
|
|
"introduced": null,
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "lessThan"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "pip",
|
|
"package": "pyload-ng"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "pip:pyload-ng",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4306422+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": "< 0.5.0b3.dev91",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "lt",
|
|
"min": null,
|
|
"minInclusive": null,
|
|
"max": "0.5.0b3.dev91",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:pip:pyload-ng"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "pip:pyload-ng",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4306422+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "pip:pyload-ng",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4306422+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"aliases": [
|
|
"GHSA-cjjf-27cc-pvmv"
|
|
],
|
|
"credits": [
|
|
{
|
|
"displayName": "odaysec",
|
|
"role": "reporter",
|
|
"contacts": [
|
|
"https://github.com/odaysec"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "odaysec",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4306422+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"cvssMetrics": [],
|
|
"exploitKnown": false,
|
|
"language": "en",
|
|
"modified": "2025-10-09T15:19:48+00:00",
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "document",
|
|
"value": "https://github.com/advisories/GHSA-cjjf-27cc-pvmv",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.430641+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
},
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "mapping",
|
|
"value": "GHSA-cjjf-27cc-pvmv",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.4306422+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
}
|
|
],
|
|
"published": "2025-10-09T15:19:48+00:00",
|
|
"references": [],
|
|
"severity": "high",
|
|
"summary": "pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters",
|
|
"title": "pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters"
|
|
},
|
|
{
|
|
"advisoryKey": "GHSA-wv4w-6qv2-qqfg",
|
|
"affectedPackages": [
|
|
{
|
|
"type": "semver",
|
|
"identifier": "pip:social-auth-app-django",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "5.6.0",
|
|
"introducedVersion": null,
|
|
"lastAffectedVersion": null,
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": "< 5.6.0",
|
|
"exactValue": null,
|
|
"fixed": "5.6.0",
|
|
"fixedInclusive": false,
|
|
"introduced": null,
|
|
"introducedInclusive": true,
|
|
"lastAffected": null,
|
|
"lastAffectedInclusive": false,
|
|
"style": "lessThan"
|
|
},
|
|
"vendorExtensions": {
|
|
"ecosystem": "pip",
|
|
"package": "social-auth-app-django"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-range",
|
|
"value": "pip:social-auth-app-django",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": "< 5.6.0",
|
|
"rangeKind": "semver"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "lt",
|
|
"min": null,
|
|
"minInclusive": null,
|
|
"max": "5.6.0",
|
|
"maxInclusive": false,
|
|
"value": null,
|
|
"notes": "ghsa:pip:social-auth-app-django"
|
|
}
|
|
],
|
|
"statuses": [
|
|
{
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "affected-status",
|
|
"value": "pip:social-auth-app-django",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].statuses[]"
|
|
]
|
|
},
|
|
"status": "affected"
|
|
}
|
|
],
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "affected",
|
|
"value": "pip:social-auth-app-django",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"aliases": [
|
|
"GHSA-wv4w-6qv2-qqfg"
|
|
],
|
|
"credits": [
|
|
{
|
|
"displayName": "nijel",
|
|
"role": "remediation_developer",
|
|
"contacts": [
|
|
"https://github.com/nijel"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "nijel",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"displayName": "mel-mason",
|
|
"role": "reporter",
|
|
"contacts": [
|
|
"https://github.com/mel-mason"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "mel-mason",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"displayName": "vanya909",
|
|
"role": "reporter",
|
|
"contacts": [
|
|
"https://github.com/vanya909"
|
|
],
|
|
"provenance": {
|
|
"source": "ghsa",
|
|
"kind": "credit",
|
|
"value": "vanya909",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"credits[]"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"cvssMetrics": [],
|
|
"exploitKnown": false,
|
|
"language": "en",
|
|
"modified": "2025-10-09T17:08:06+00:00",
|
|
"provenance": [
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "document",
|
|
"value": "https://github.com/advisories/GHSA-wv4w-6qv2-qqfg",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823199+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
},
|
|
{
|
|
"source": "ghsa",
|
|
"kind": "mapping",
|
|
"value": "GHSA-wv4w-6qv2-qqfg",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-10-12T19:48:04.3823222+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
}
|
|
],
|
|
"published": "2025-10-09T17:08:05+00:00",
|
|
"references": [],
|
|
"severity": "medium",
|
|
"summary": "Python Social Auth - Django has unsafe account association",
|
|
"title": "Python Social Auth - Django has unsafe account association"
|
|
}
|
|
] |