From 23c59181d5e35d08aa331ffcc53247fe698d3371 Mon Sep 17 00:00:00 2001
From: cvelistV5 Github Action
Date: Fri, 17 Jan 2025 21:28:17 +0000
Subject: [PATCH] 3 changes (1 new | 2 updated): - 1 new CVEs: CVE-2025-23207 - 2 updated CVEs: CVE-2023-50738, CVE-2024-57372
---
 cves/2023/50xxx/CVE-2023-50738.json | 35 +++++------
 cves/2024/57xxx/CVE-2024-57372.json | 66 ++++++++++++++++++++-
 cves/2025/23xxx/CVE-2025-23207.json | 91 +++++++++++++++++++++++++++++
 cves/delta.json | 41 ++++++-------
 cves/deltaLog.json | 27 +++++++++
 5 files changed, 213 insertions(+), 47 deletions(-)
 create mode 100644 cves/2025/23xxx/CVE-2025-23207.json
diff --git a/cves/2023/50xxx/CVE-2023-50738.json b/cves/2023/50xxx/CVE-2023-50738.json
index 3ca4a3b93a3..9fbba55dc0c 100644
--- a/cves/2023/50xxx/CVE-2023-50738.json
+++ b/cves/2023/50xxx/CVE-2023-50738.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Lexmark",
 "dateReserved": "2023-12-11T20:00:38.337Z",
 "datePublished": "2025-01-17T21:10:44.220Z",
- "dateUpdated": "2025-01-17T21:10:44.220Z"
+ "dateUpdated": "2025-01-17T21:27:34.693Z"
 },
 "containers": {
 "cna": {
@@ -71,28 +71,19 @@
 ],
 "metrics": [
 {
- "cvssV4_0": {
- "Automatable": "NOT_DEFINED",
- "Recovery": "NOT_DEFINED",
- "Safety": "NOT_DEFINED",
+ "cvssV3_1": {
 "attackComplexity": "LOW",
- "attackRequirements": "NONE",
- "attackVector": "NETWORK",
- "baseScore": 10,
- "baseSeverity": "CRITICAL",
- "privilegesRequired": "NONE",
- "providerUrgency": "NOT_DEFINED",
- "subAvailabilityImpact": "HIGH",
- "subConfidentialityImpact": "HIGH",
- "subIntegrityImpact": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "valueDensity": "NOT_DEFINED",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "version": "4.0",
- "vulnAvailabilityImpact": "HIGH",
- "vulnConfidentialityImpact": "HIGH",
- "vulnIntegrityImpact": "HIGH",
- "vulnerabilityResponseEffort": "NOT_DEFINED"
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 },
 "format": "CVSS",
 "scenarios": [
@@ -128,7 +119,7 @@
 "providerMetadata": {
 "orgId": "7bc73191-a2b6-4c63-9918-753964601853",
 "shortName": "Lexmark",
- "dateUpdated": "2025-01-17T21:10:44.220Z"
+ "dateUpdated": "2025-01-17T21:27:34.693Z"
 },
 "references": [
 {
diff --git a/cves/2024/57xxx/CVE-2024-57372.json b/cves/2024/57xxx/CVE-2024-57372.json
index 1149182e180..e1afc1fb3aa 100644
--- a/cves/2024/57xxx/CVE-2024-57372.json
+++ b/cves/2024/57xxx/CVE-2024-57372.json
@@ -5,7 +5,7 @@
 "cveId": "CVE-2024-57372",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
- "dateUpdated": "2025-01-17T19:33:12.424139",
+ "dateUpdated": "2025-01-17T21:24:49.324Z",
 "dateReserved": "2025-01-09T00:00:00",
 "datePublished": "2025-01-17T00:00:00"
 },
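Review bot: In cves/2023/50xxx/CVE-2023-50738.json (hunk `@@ -71,28 +71,19 @@`) the metrics entry drops from `cvssV4_0` 10 CRITICAL (AV:N, PR:N) to `cvssV3_1` 4.3 MEDIUM (AV:A, PR:H), and nothing visible in the hunk records why the CNA rescored or whether a v4.0 vector will return. `datePublished` is 21:10:44 and the new `dateUpdated` is 21:27:34, so a feed consumer that ingested the record at publication and does not re-pull on `dateUpdated` keeps a CRITICAL rating the CNA no longer asserts. The new vector `CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L` is consistent with the stated 4.3. The metrics object continues past the hunk (`format`, `scenarios`), so any explanation there is not visible here.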
@@ -56,7 +56,69 @@
 ]
 }
 ]
- }
+ },
+ "adp": [
+ {
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "CWE",
+ "cweId": "CWE-79",
+ "lang": "en",
+ "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "scope": "CHANGED",
+ "version": "3.1",
+ "baseScore": 6.1,
+ "attackVector": "NETWORK",
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "integrityImpact": "LOW",
+ "userInteraction": "REQUIRED",
+ "attackComplexity": "LOW",
+ "availabilityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "confidentialityImpact": "LOW"
+ }
+ },
+ {
+ "other": {
+ "type": "ssvc",
+ "content": {
+ "timestamp": "2025-01-17T21:23:26.448697Z",
+ "id": "CVE-2024-57372",
+ "options": [
+ {
+ "Exploitation": "poc"
+ },
+ {
+ "Automatable": "no"
+ },
+ {
+ "Technical Impact": "partial"
+ }
+ ],
+ "role": "CISA Coordinator",
+ "version": "2.0.3"
+ }
+ }
+ }
+ ],
+ "title": "CISA ADP Vulnrichment",
+ "providerMetadata": {
+ "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "shortName": "CISA-ADP",
+ "dateUpdated": "2025-01-17T21:24:49.324Z"
+ }
+ }
+ ]
 },
 "dataVersion": "5.1"
 }
\ No newline at end of file
diff --git a/cves/2025/23xxx/CVE-2025-23207.json b/cves/2025/23xxx/CVE-2025-23207.json
new file mode 100644
index 00000000000..9d26038d896
--- /dev/null
+++ b/cves/2025/23xxx/CVE-2025-23207.json
@@ -0,0 +1,91 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2025-23207",
+ "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
+ "state": "PUBLISHED",
+ "assignerShortName": "GitHub_M",
+ "dateReserved": "2025-01-13T17:15:41.050Z",
+ "datePublished": "2025-01-17T21:25:05.746Z",
+ "dateUpdated": "2025-01-17T21:25:05.746Z"
+ },
+ "containers": {
+ "cna": {
+ "title": "\\htmlData does not validate attribute names in KaTeX",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-116",
+ "lang": "en",
+ "description": "CWE-116: Improper Encoding or Escaping of Output",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ }
+ ],
+ "references": [
+ {
+ "name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546",
+ "tags": [
+ "x_refsource_CONFIRM"
+ ],
+ "url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546"
+ },
+ {
+ "name": "https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c",
+ "tags": [
+ "x_refsource_MISC"
+ ],
+ "url": "https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c"
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "KaTeX",
+ "product": "KaTeX",
+ "versions": [
+ {
+ "version": ">= 0.12.0, < 0.16.21",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
+ "shortName": "GitHub_M",
+ "dateUpdated": "2025-01-17T21:25:05.746Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\\htmlData` commands, forbid inputs containing the substring `\"\\\\htmlData\"` and sanitize HTML output from KaTeX."
+ }
+ ],
+ "source": {
+ "advisory": "GHSA-cg87-wmx4-v546",
+ "discovery": "UNKNOWN"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index df334492000..094988adf8b 100644
--- a/cves/delta.json
+++ b/cves/delta.json
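Review bot: In cves/2025/23xxx/CVE-2025-23207.json the `affected[0].versions` entry packs the whole range into one free-text string, `"version": ">= 0.12.0, < 0.16.21"`, which matchers that read the structured CVE 5.x version fields cannot evaluate as a range. The structured form would be `"version": "0.12.0", "lessThan": "0.16.21", "versionType": "semver", "status": "affected"`, which agrees with the description's advice to upgrade to v0.16.21. Separately, the description says crafted `\\htmlData` input can run arbitrary JavaScript, while the record classifies it as CWE-116 with `S:U` and `UI:N`. Triage rules keyed on CWE-79 or on a changed-scope vector would likely not pick this record up, so matching on the advisory id GHSA-cg87-wmx4-v546 or on the package and version is the safer filter.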
@@ -1,31 +1,26 @@
 {
- "fetchTime": "2025-01-17T21:21:26.225Z",
- "numberOfChanges": 4,
- "new": [],
- "updated": [
- {
- "cveId": "CVE-2024-4350",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4350",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4350.json",
- "dateUpdated": "2025-01-17T21:13:54.250Z"
- },
+ "fetchTime": "2025-01-17T21:28:05.414Z",
+ "numberOfChanges": 3,
+ "new": [
 {
- "cveId": "CVE-2024-57252",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-57252",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/57xxx/CVE-2024-57252.json",
- "dateUpdated": "2025-01-17T21:14:18.996Z"
- },
+ "cveId": "CVE-2025-23207",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23207",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23207.json",
+ "dateUpdated": "2025-01-17T21:25:05.746Z"
+ }
+ ],
+ "updated": [
 {
- "cveId": "CVE-2025-0540",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-0540",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/0xxx/CVE-2025-0540.json",
- "dateUpdated": "2025-01-17T21:17:31.754Z"
+ "cveId": "CVE-2023-50738",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-50738",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/50xxx/CVE-2023-50738.json",
+ "dateUpdated": "2025-01-17T21:27:34.693Z"
 },
 {
- "cveId": "CVE-2025-23940",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23940",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23940.json",
- "dateUpdated": "2025-01-17T21:12:11.939Z"
+ "cveId": "CVE-2024-57372",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-57372",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/57xxx/CVE-2024-57372.json",
+ "dateUpdated": "2025-01-17T21:24:49.324Z"
 }
 ],
 "error": []
diff --git a/cves/deltaLog.json b/cves/deltaLog.json
index f376d2382cf..783280cc7f3 100644
--- a/cves/deltaLog.json
+++ b/cves/deltaLog.json
@@ -1,4 +1,31 @@
 [
+ {
+ "fetchTime": "2025-01-17T21:28:05.414Z",
+ "numberOfChanges": 3,
+ "new": [
+ {
+ "cveId": "CVE-2025-23207",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23207",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23207.json",
+ "dateUpdated": "2025-01-17T21:25:05.746Z"
+ }
+ ],
+ "updated": [
+ {
+ "cveId": "CVE-2023-50738",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-50738",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/50xxx/CVE-2023-50738.json",
+ "dateUpdated": "2025-01-17T21:27:34.693Z"
+ },
+ {
+ "cveId": "CVE-2024-57372",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-57372",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/57xxx/CVE-2024-57372.json",
+ "dateUpdated": "2025-01-17T21:24:49.324Z"
+ }
+ ],
+ "error": []
+ },
 {
 "fetchTime": "2025-01-17T21:21:26.225Z",
 "numberOfChanges": 4,