1 changes (1 new | 0 updated):

- 1 new CVEs: CVE-2024-28865 - 0 updated CVEs:
CVEProject · Mar 18, 2024 · a81e67e · a81e67e
1 parent 9a0d022
commit a81e67e
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 12 deletions.
diff --git a/cves/2024/28xxx/CVE-2024-28865.json b/cves/2024/28xxx/CVE-2024-28865.json
@@ -0,0 +1,91 @@
+{
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.0",
+    "cveMetadata": {
+        "cveId": "CVE-2024-28865",
+        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
+        "state": "PUBLISHED",
+        "assignerShortName": "GitHub_M",
+        "dateReserved": "2024-03-11T22:45:07.687Z",
+        "datePublished": "2024-03-18T21:53:59.877Z",
+        "dateUpdated": "2024-03-18T21:53:59.877Z"
+    },
+    "containers": {
+        "cna": {
+            "title": "django-wiki denial of service via regular expression",
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "cweId": "CWE-1333",
+                            "lang": "en",
+                            "description": "CWE-1333: Inefficient Regular Expression Complexity",
+                            "type": "CWE"
+                        }
+                    ]
+                }
+            ],
+            "metrics": [
+                {
+                    "cvssV3_1": {
+                        "attackComplexity": "LOW",
+                        "attackVector": "NETWORK",
+                        "availabilityImpact": "HIGH",
+                        "baseScore": 7.5,
+                        "baseSeverity": "HIGH",
+                        "confidentialityImpact": "NONE",
+                        "integrityImpact": "NONE",
+                        "privilegesRequired": "NONE",
+                        "scope": "UNCHANGED",
+                        "userInteraction": "NONE",
+                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+                        "version": "3.1"
+                    }
+                }
+            ],
+            "references": [
+                {
+                    "name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h",
+                    "tags": [
+                        "x_refsource_CONFIRM"
+                    ],
+                    "url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h"
+                },
+                {
+                    "name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c",
+                    "tags": [
+                        "x_refsource_MISC"
+                    ],
+                    "url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c"
+                }
+            ],
+            "affected": [
+                {
+                    "vendor": "django-wiki",
+                    "product": "django-wiki",
+                    "versions": [
+                        {
+                            "version": "< 0.10.1",
+                            "status": "affected"
+                        }
+                    ]
+                }
+            ],
+            "providerMetadata": {
+                "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
+                "shortName": "GitHub_M",
+                "dateUpdated": "2024-03-18T21:53:59.877Z"
+            },
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users."
+                }
+            ],
+            "source": {
+                "advisory": "GHSA-wj85-w4f4-xh8h",
+                "discovery": "UNKNOWN"
+            }
+        }
+    }
+}
diff --git a/cves/delta.json b/cves/delta.json
@@ -1,18 +1,12 @@
 {
-  "fetchTime": "2024-03-18T21:52:25.354Z",
-  "numberOfChanges": 2,
+  "fetchTime": "2024-03-18T21:58:12.511Z",
+  "numberOfChanges": 1,
   "new": [
     {
-      "cveId": "CVE-2024-28855",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-28855",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/28xxx/CVE-2024-28855.json",
-      "dateUpdated": "2024-03-18T21:46:47.314Z"
-    },
-    {
-      "cveId": "CVE-2024-28864",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-28864",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/28xxx/CVE-2024-28864.json",
-      "dateUpdated": "2024-03-18T21:50:26.926Z"
+      "cveId": "CVE-2024-28865",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-28865",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/28xxx/CVE-2024-28865.json",
+      "dateUpdated": "2024-03-18T21:53:59.877Z"
     }
   ],
   "updated": [],

diff --git a/cves/deltaLog.json b/cves/deltaLog.json
@@ -1,4 +1,18 @@
 [
+  {
+    "fetchTime": "2024-03-18T21:58:12.511Z",
+    "numberOfChanges": 1,
+    "new": [
+      {
+        "cveId": "CVE-2024-28865",
+        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-28865",
+        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/28xxx/CVE-2024-28865.json",
+        "dateUpdated": "2024-03-18T21:53:59.877Z"
+      }
+    ],
+    "updated": [],
+    "error": []
+  },
   {
     "fetchTime": "2024-03-18T21:52:25.354Z",
     "numberOfChanges": 2,