Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/02/GHSA-23h8-ggh4-vmhv/GHSA-23h8-ggh4-vmhv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-23h8-ggh4-vmhv",
-  "modified": "2024-02-06T21:30:26Z",
+  "modified": "2024-02-10T06:30:18Z",
   "published": "2024-02-06T21:30:26Z",
   "aliases": [
     "CVE-2024-22240"
@@ -28,7 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-552"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2024/02/GHSA-2q4f-xv44-vmqf/GHSA-2q4f-xv44-vmqf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2q4f-xv44-vmqf",
-  "modified": "2024-02-06T21:30:26Z",
+  "modified": "2024-02-10T06:30:18Z",
   "published": "2024-02-06T21:30:26Z",
   "aliases": [
     "CVE-2024-22238"
@@ -28,7 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2024/02/GHSA-338x-q4qx-prw7/GHSA-338x-q4qx-prw7.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-338x-q4qx-prw7",
-  "modified": "2024-02-08T03:32:45Z",
+  "modified": "2024-02-10T06:30:19Z",
   "published": "2024-02-08T03:32:45Z",
   "aliases": [
     "CVE-2024-24018"
   ],
   "details": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-89"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-02-08T01:15:27Z"

advisories/unreviewed/2024/02/GHSA-3938-2cj5-r45m/GHSA-3938-2cj5-r45m.json

@@ -36,7 +36,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-22"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/02/GHSA-39f6-9c52-27p8/GHSA-39f6-9c52-27p8.json

@@ -32,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-312"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2024/02/GHSA-3c3r-6mf2-xcmp/GHSA-3c3r-6mf2-xcmp.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3c3r-6mf2-xcmp",
-  "modified": "2024-02-06T18:30:21Z",
+  "modified": "2024-02-10T06:30:18Z",
   "published": "2024-02-06T18:30:21Z",
   "aliases": [
     "CVE-2024-24013"
   ],
   "details": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-89"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-02-06T16:15:52Z"

advisories/unreviewed/2024/02/GHSA-3x87-pjpc-6c9c/GHSA-3x87-pjpc-6c9c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3x87-pjpc-6c9c",
-  "modified": "2024-02-05T09:30:28Z",
+  "modified": "2024-02-10T06:30:18Z",
   "published": "2024-02-05T09:30:28Z",
   "aliases": [
     "CVE-2024-24864"

advisories/unreviewed/2024/02/GHSA-4w4v-5hc9-xrr2/GHSA-4w4v-5hc9-xrr2.json

@@ -0,0 +1,42 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4w4v-5hc9-xrr2",
+  "modified": "2024-02-10T06:30:19Z",
+  "published": "2024-02-10T06:30:19Z",
+  "aliases": [
+    "CVE-2024-21490"
+  ],
+  "details": "This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \n\n\n**Note:**\n\nThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21490"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113"
+    },
+    {
+      "type": "WEB",
+      "url": "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1333"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-02-10T05:15:08Z"
+  }
+}

advisories/unreviewed/2024/02/GHSA-5mg2-7ppf-36vc/GHSA-5mg2-7ppf-36vc.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mg2-7ppf-36vc",
-  "modified": "2024-02-08T03:32:45Z",
+  "modified": "2024-02-10T06:30:19Z",
   "published": "2024-02-08T03:32:45Z",
   "aliases": [
     "CVE-2024-24017"
   ],
   "details": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-89"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-02-08T02:15:07Z"

advisories/unreviewed/2024/02/GHSA-68qx-6vr4-qq4p/GHSA-68qx-6vr4-qq4p.json

@@ -36,7 +36,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-862"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,