diff --git a/data/anchore/2023/CVE-2023-42509.json b/data/anchore/2023/CVE-2023-42509.json
new file mode 100644
index 00000000..a18becba
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-42509.json
@@ -0,0 +1,33 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2023-42509",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Artifactory",
+ "vendor": "JFrog",
+ "versions": [
+ {
+ "lessThan": "7.77.0",
+ "status": "affected",
+ "version": "7.17.4",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2023/CVE-2023-42661.json b/data/anchore/2023/CVE-2023-42661.json
new file mode 100644
index 00000000..2f44d6c4
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-42661.json
@@ -0,0 +1,33 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2023-42661",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Artifactory",
+ "vendor": "JFrog",
+ "versions": [
+ {
+ "lessThan": "7.76.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2023/CVE-2023-42662.json b/data/anchore/2023/CVE-2023-42662.json
new file mode 100644
index 00000000..ceb0540e
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-42662.json
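Review bot: In CVE-2023-42509.json the lower bound `"version": "7.17.4"` is inclusive under the CVE record format, so 7.17.4 itself is marked affected; if the vendor wording is "later than 7.17.4", the range over-reports by one release and is worth confirming. The only entry in `additionalMetadata.references` is the general JFrog advisories index, which does not let a reader trace this range back to a specific advisory. The same generic reference is used in the CVE-2023-42661, CVE-2023-42662, CVE-2024-2247 and CVE-2024-4142 records in this patch; a per-CVE advisory link, where one exists, would make each range auditable.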
@@ -0,0 +1,51 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2023-42662",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Artifactory",
+ "vendor": "JFrog",
+ "versions": [
+ {
+ "lessThan": "7.59.18",
+ "status": "affected",
+ "version": "7.59",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.63.18",
+ "status": "affected",
+ "version": "7.60",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.68.19",
+ "status": "affected",
+ "version": "7.64",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.71.8",
+ "status": "affected",
+ "version": "7.69",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-2247.json b/data/anchore/2024/CVE-2024-2247.json
new file mode 100644
index 00000000..4da9ca4d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-2247.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-2247",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Artifactory",
+ "vendor": "JFrog",
+ "versions": [
+ {
+ "lessThan": "7.77.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.82.1",
+ "status": "affected",
+ "version": "7.78",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
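Review bot: The `versions` list in CVE-2023-42662.json starts at `"version": "7.59"` and has no entry covering earlier releases, unlike the CVE-2023-42661 and CVE-2024-4142 records in this patch, which include a range from `"version": "0"`. If releases before 7.59 are in fact affected, a scanner consuming this record would report them as clean, so it is worth confirming against the advisory that the gap is intended. With `"versionType": "custom"`, how `7.59` orders against `7.59.0` is also left to each consumer, which matters most at the start of each of these per-branch ranges.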
diff --git a/data/anchore/2024/CVE-2024-27132.json b/data/anchore/2024/CVE-2024-27132.json
new file mode 100644
index 00000000..2998df62
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-27132.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-27132",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/",
+ "https://github.com/mlflow/mlflow/pull/10873"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
+ ],
+ "packageName": "mlflow",
+ "versions": [
+ {
+ "lessThan": "2.10.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-6749-m5cp-6cg7"
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-27133.json b/data/anchore/2024/CVE-2024-27133.json
new file mode 100644
index 00000000..e764e5d1
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-27133.json
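Review bot: In CVE-2024-27132.json the `adp` object places `references` before `providerMetadata`, while every other object in these records keeps its keys in alphabetical order. Moving `references` after `providerMetadata` would keep diffs stable if the files are ever rewritten with sorted keys. The GHSA link is published under `adp.references` here and in CVE-2024-27133.json, whereas CVE-2024-4340.json lists its GHSA link only under `additionalMetadata.references`. Presumably only the `adp` content reaches downstream consumers, so it would help to pick one placement for advisory links and apply it to all three records.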
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-27133",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/mlflow/mlflow/pull/10893",
+ "https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
+ ],
+ "packageName": "mlflow",
+ "versions": [
+ {
+ "lessThan": "2.10.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-3v79-q7ph-j75h"
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-34391.json b/data/anchore/2024/CVE-2024-34391.json
new file mode 100644
index 00000000..6548f257
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-34391.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-34391",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988/",
+ "https://github.com/libxmljs/libxmljs/issues/645"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://www.npmjs.com",
+ "cpes": [
+ "cpe:2.3:a:libxmljs_project:libxmljs:*:*:*:*:*:node.js:*:*"
+ ],
+ "packageName": "libxmljs",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.0.11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
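Review bot: In CVE-2024-34391.json the range is closed with `"lessThanOrEqual": "1.0.11"`, and the listed references are an issue report and a research write-up rather than a fix, which suggests no patched release existed when the record was written. A bound pinned to the latest known release means any later libxmljs release will be treated as unaffected whether or not it contains a fix. The record therefore needs re-checking whenever a new release ships, and should move to a `lessThan` bound on the fixed version once one exists. CVE-2024-34392.json carries the same bound and the same caveat.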
diff --git a/data/anchore/2024/CVE-2024-34392.json b/data/anchore/2024/CVE-2024-34392.json
new file mode 100644
index 00000000..585e5f53
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-34392.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-34392",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/libxmljs/libxmljs/issues/646",
+ "https://research.jfrog.com/vulnerabilities/libxmljs-namespaces-type-confusion-rce-jfsa-2024-001034096/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://www.npmjs.com",
+ "cpes": [
+ "cpe:2.3:a:libxmljs_project:libxmljs:*:*:*:*:*:node.js:*:*"
+ ],
+ "packageName": "libxmljs",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.0.11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-4142.json b/data/anchore/2024/CVE-2024-4142.json
new file mode 100644
index 00000000..85a556dd
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-4142.json
@@ -0,0 +1,69 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-4142",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Artifactory",
+ "vendor": "JFrog",
+ "versions": [
+ {
+ "lessThan": "7.84.6",
+ "status": "affected",
+ "version": "7.78",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.77.11",
+ "status": "affected",
+ "version": "7.72",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.71.21",
+ "status": "affected",
+ "version": "7.69",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.68.21",
+ "status": "affected",
+ "version": "7.64",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.63.21",
+ "status": "affected",
+ "version": "7.60",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.59.22",
+ "status": "affected",
+ "version": "7.56",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.55.17",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-4340.json b/data/anchore/2024/CVE-2024-4340.json
new file mode 100644
index 00000000..30ca6b28
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-4340.json
@@ -0,0 +1,35 @@
+{
+ "additionalMetadata": {
+ "cna": "jfrog",
+ "cveId": "CVE-2024-4340",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/advisories/GHSA-2m57-hf25-phgg",
+ "https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/",
+ "https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:sqlparse_project:sqlparse:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "sqlparse",
+ "versions": [
+ {
+ "lessThan": "0.5.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file