From 0b3d579f0615da1776013d63d869803c523ec58e Mon Sep 17 00:00:00 2001 From: Jess Lowe Date: Mon, 8 Dec 2025 00:35:00 +0000 Subject: [PATCH 1/6] return outcome of conversions --- vulnfeeds/cmd/cve-bulk-converter/main.go | 5 +++-- vulnfeeds/cmd/cve-single-converter/main.go | 5 +++-- vulnfeeds/cvelist2osv/common.go | 21 +++++++++++++++++++++ vulnfeeds/cvelist2osv/converter.go | 10 +++++----- vulnfeeds/cvelist2osv/converter_test.go | 2 +- 5 files changed, 33 insertions(+), 10 deletions(-) diff --git a/vulnfeeds/cmd/cve-bulk-converter/main.go b/vulnfeeds/cmd/cve-bulk-converter/main.go index 065d098c4b4..2bb92c945f6 100644 --- a/vulnfeeds/cmd/cve-bulk-converter/main.go +++ b/vulnfeeds/cmd/cve-bulk-converter/main.go @@ -126,10 +126,11 @@ func worker(wg *sync.WaitGroup, jobs <-chan string, outDir string, cnas []string } // Perform the conversion and export the results. - if err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, sourceLink); err != nil { + var outcome cvelist2osv.ConversionOutcome + if outcome, err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, sourceLink); err != nil { logger.Warn("Failed to generate an OSV record", slog.String("cve", string(cveID)), slog.Any("err", err)) } else { - logger.Info("Generated OSV record for "+string(cveID), slog.String("cve", string(cveID)), slog.String("cna", cve.Metadata.AssignerShortName)) + logger.Info("Generated OSV record for "+string(cveID), slog.String("cve", string(cveID)), slog.String("cna", cve.Metadata.AssignerShortName), slog.Any("outcome", outcome)) } metricsFile.Close() diff --git a/vulnfeeds/cmd/cve-single-converter/main.go b/vulnfeeds/cmd/cve-single-converter/main.go index 471e95fc161..5189c570a2a 100644 --- a/vulnfeeds/cmd/cve-single-converter/main.go +++ b/vulnfeeds/cmd/cve-single-converter/main.go 
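Review bot: `slog.Any("outcome", outcome)` in the success branch leaves the rendering of the outcome to the log handler; a handler that JSON-encodes attribute values would presumably emit the underlying number unless `ConversionOutcome` has its own marshaller, so the `String()` method added in common.go would go unused. Passing the name explicitly, `slog.String("outcome", outcome.String())`, keeps the field readable whichever handler `logger` is configured with (the handler is not visible in this patch). The same call appears in the cve-single-converter/main.go hunk. The error branch drops `outcome` even though the converter now returns it next to the error; adding the same attribute to the `logger.Warn` call would show how far a failed record got. The body of `worker` continues outside the hunk.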
@@ -51,10 +51,11 @@ func main() { } // Perform the conversion and export the results. - if err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, ""); err != nil { + var outcome cvelist2osv.ConversionOutcome + if outcome, err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, ""); err != nil { logger.Warn("Failed to generate an OSV record", slog.String("cve", string(cveID)), slog.Any("err", err)) } else { - logger.Info("Generated OSV record for "+string(cveID), slog.String("cve", string(cveID)), slog.String("cna", cve.Metadata.AssignerShortName)) + logger.Info("Generated OSV record for "+string(cveID), slog.String("cve", string(cveID)), slog.String("cna", cve.Metadata.AssignerShortName), slog.Any("outcome", outcome)) } metricsFile.Close() diff --git a/vulnfeeds/cvelist2osv/common.go b/vulnfeeds/cvelist2osv/common.go index da185c331c5..c853091e176 100644 --- a/vulnfeeds/cvelist2osv/common.go +++ b/vulnfeeds/cvelist2osv/common.go @@ -53,6 +53,27 @@ const ( FixUnresolvable // Partial resolution of versions, resulting in a false positive. ) +func (c ConversionOutcome) String() string { + switch c { + case Successful: + return "Successful" + case Rejected: + return "Rejected" + case NoSoftware: + return "NoSoftware" + case NoRepos: + return "NoRepos" + case NoCommitRanges: + return "NoCommitRanges" + case NoRanges: + return "NoRanges" + case FixUnresolvable: + return "FixUnresolvable" + default: + return "Unknown" + } +} + // String returns the string representation of a VersionRangeType. func (vrt VersionRangeType) String() string { switch vrt { diff --git a/vulnfeeds/cvelist2osv/converter.go b/vulnfeeds/cvelist2osv/converter.go index 3f643659d8c..23367d90c7c 100644 --- a/vulnfeeds/cvelist2osv/converter.go +++ b/vulnfeeds/cvelist2osv/converter.go 
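Review bot: The new `String()` method on `ConversionOutcome` in common.go has no doc comment, while the `VersionRangeType` method directly below it has one; add `// String returns the string representation of a ConversionOutcome.` above it. The switch repeats the constant names by hand, so an outcome added to the const block later would fall through to `"Unknown"` in the logs without any compile error. A short comment on the const block asking maintainers to extend this switch, or a test that walks the declared values, would catch that drift. The const block starts outside the hunk, so the full list of outcomes cannot be checked from here.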
@@ -229,7 +229,7 @@ func determineOutcome(metrics *ConversionMetrics) { // ConvertAndExportCVEToOSV is the main function for this file. It takes a CVE, // converts it into an OSV record, collects metrics, and writes both to disk. -func ConvertAndExportCVEToOSV(cve cves.CVE5, vulnSink io.Writer, metricsSink io.Writer, sourceLink string) error { +func ConvertAndExportCVEToOSV(cve cves.CVE5, vulnSink io.Writer, metricsSink io.Writer, sourceLink string) (ConversionOutcome, error) { cveID := cve.Metadata.CVEID cnaAssigner := cve.Metadata.AssignerShortName references := identifyPossibleURLs(cve) @@ -261,21 +261,21 @@ func ConvertAndExportCVEToOSV(cve cves.CVE5, vulnSink io.Writer, metricsSink io. err := v.ToJSON(vulnSink) if err != nil { logger.Info("Failed to write", slog.Any("err", err)) - return err + return metrics.Outcome, err } marshalledMetrics, err := json.MarshalIndent(&metrics, "", " ") if err != nil { logger.Info("Failed to marshal", slog.Any("err", err)) - return err + return metrics.Outcome, err } _, err = metricsSink.Write(marshalledMetrics) if err != nil { logger.Info("Failed to write", slog.Any("err", err)) - return err + return metrics.Outcome, err } - return nil + return metrics.Outcome, nil } // identifyPossibleURLs extracts all URLs from a CVE object. diff --git a/vulnfeeds/cvelist2osv/converter_test.go b/vulnfeeds/cvelist2osv/converter_test.go index 7ce0523525b..5d73721851d 100644 --- a/vulnfeeds/cvelist2osv/converter_test.go +++ b/vulnfeeds/cvelist2osv/converter_test.go @@ -583,7 +583,7 @@ func TestConvertAndExportCVEToOSV(t *testing.T) { t.Run(tc.name, func(t *testing.T) { vWriter := bytes.NewBuffer(nil) mWriter := bytes.NewBuffer(nil) - err := ConvertAndExportCVEToOSV(tc.cve, vWriter, mWriter, "") + _, err := ConvertAndExportCVEToOSV(tc.cve, vWriter, mWriter, "") if err != nil { t.Errorf("Unexpected error from ConvertAndExportCVEToOSV: %v", err) } From 50e044319b115c803234bd9d27be818ff8f29fea Mon Sep 17 00:00:00 2001 
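Review bot: All three error returns in `ConvertAndExportCVEToOSV` now hand back `metrics.Outcome` together with a non-nil error, so a caller can receive a success-looking outcome for a record whose OSV JSON or metrics were never fully written. Either return the zero value on those paths (after confirming that the zero value of `ConversionOutcome` is not `Successful`, which is not visible here) or state the contract in the doc comment. That comment, above the signature in the first converter.go hunk, was not updated for the new result and could gain `// It returns the outcome recorded in the conversion metrics; if err is non-nil the written output may be incomplete and the outcome must not be read as a completed conversion.` The function body between the two converter.go hunks is not shown.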
From: Jess Lowe
Date: Mon, 8 Dec 2025 05:04:36 +0000
Subject: [PATCH 2/6] Create snapshot testing for CVE Conversion
---
.../__snapshots__/cna/GitHub_M.snap | 180 ++++
.../cvelist2osv/__snapshots__/cna/GitLab.snap | 82 ++
.../cvelist2osv/__snapshots__/cna/Linux.snap | 364 ++++++++
.../cvelist2osv/__snapshots__/cna/apache.snap | 240 ++++++
.../cvelist2osv/__snapshots__/cna/mitre.snap | 154 ++++
.../cvelist2osv/__snapshots__/cna/snyk.snap | 85 ++
.../__snapshots__/conversion_outcomes.snap | 9 +
vulnfeeds/cvelist2osv/snapshot_test.go | 76 ++
.../testdata/sampled_cves/CVE-2021-26917.json | 157 ++++
.../testdata/sampled_cves/CVE-2021-44228.json | 781 ++++++++++++++++++
.../testdata/sampled_cves/CVE-2022-25929.json | 193 +++++
.../testdata/sampled_cves/CVE-2023-23127.json | 59 ++
.../testdata/sampled_cves/CVE-2023-38408.json | 118 +++
.../testdata/sampled_cves/CVE-2023-45803.json | 197 +++++
.../testdata/sampled_cves/CVE-2024-21634.json | 136 +++
.../testdata/sampled_cves/CVE-2025-1110.json | 151 ++++
.../testdata/sampled_cves/CVE-2025-21631.json | 267 ++++++
.../testdata/sampled_cves/CVE-2025-21772.json | 230 ++++++
18 files changed, 3479 insertions(+)
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/cna/GitHub_M.snap
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/cna/GitLab.snap
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/cna/Linux.snap
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/cna/apache.snap
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/cna/mitre.snap
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/cna/snyk.snap
create mode 100755 vulnfeeds/cvelist2osv/__snapshots__/conversion_outcomes.snap
create mode 100644 vulnfeeds/cvelist2osv/snapshot_test.go
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-26917.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-44228.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2022-25929.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-23127.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-38408.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-45803.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2024-21634.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-1110.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21631.json
create mode 100644 vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21772.json
diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/GitHub_M.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna/GitHub_M.snap
new file mode 100755
index 00000000000..9d943b0d7ef
--- /dev/null
+++ b/vulnfeeds/cvelist2osv/__snapshots__/cna/GitHub_M.snap
@@ -0,0 +1,180 @@ + +[TestSnapshotConversion/CVE-2023-45803.json - 1] +{ + "affected": [ + { + "ranges": [ + { + "database_specific": { + "versions": [ + { + "introduced": "2.0.0" + }, + { + "fixed": "2.0.7" + } + ] + }, + "events": [ + { + "introduced": "6446fef0cf432ca035169602a1447a0d8ef53e80" + }, + { + "fixed": "56f01e088dc006c03d4ee6ea9da4ab810f1ed700" + } + ], + "repo": "https://github.com/urllib3/urllib3", + "type": "GIT" + }, + { + "database_specific": { + "versions": [ + { + "introduced": "0" + }, + { + "fixed": "1.26.18" + } + ] + }, + "events": [ + { + "introduced": "0" + }, + { + "fixed": "9c2c2307dd1d6af504e09aac0326d86ee3597a0b" + } + ], + "repo": "https://github.com/urllib3/urllib3", + "type": "GIT" + } + ] + } + ], + "aliases": [ + "GHSA-g4mx-q9vg-27p4" + ], + "database_specific": { + "cna_assigner": "GitHub_M", + "cwe_ids": [ + "CWE-200" + ], + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. 
Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.", + "id": "CVE-2023-45803", + "modified": "2025-02-13T17:14:11.578Z", + "published": "2023-10-17T19:43:45.404Z", + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "FIX", + "url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9" + }, + { + "type": "ADVISORY", + "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803" + }, + { + "type": "WEB", + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "type": "CVSS_V3" + } + ], + "summary": "Request body not stripped after redirect in 
urllib3" +} +--- + +[TestSnapshotConversion/CVE-2024-21634.json - 1] +{ + "affected": [ + { + "ranges": [ + { + "database_specific": { + "versions": [ + { + "introduced": "0" + }, + { + "fixed": "1.10.5" + } + ] + }, + "events": [ + { + "introduced": "0" + }, + { + "fixed": "019a6117fb99131f74f92ecf462169613234abbf" + } + ], + "repo": "https://github.com/amazon-ion/ion-java", + "type": "GIT" + } + ] + } + ], + "aliases": [ + "GHSA-264p-99wq-f4j6" + ], + "database_specific": { + "cna_assigner": "GitHub_M", + "cwe_ids": [ + "CWE-770" + ], + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.", + "id": "CVE-2024-21634", + "modified": "2025-06-16T19:45:37.088Z", + "published": "2024-01-03T22:46:03.585Z", + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." 
+ }, + { + "type": "ADVISORY", + "url": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21634" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "type": "CVSS_V3" + } + ], + "summary": "Ion Java StackOverflow vulnerability" +} +--- diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/GitLab.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna/GitLab.snap new file mode 100755 index 00000000000..f09cca9cd19 --- /dev/null +++ b/vulnfeeds/cvelist2osv/__snapshots__/cna/GitLab.snap 
@@ -0,0 +1,82 @@ + +[TestSnapshotConversion/CVE-2025-1110.json - 1] +{ + "affected": [ + { + "ranges": [ + { + "database_specific": { + "versions": [ + { + "introduced": "18.0" + }, + { + "fixed": "18.0.1" + } + ] + }, + "events": [ + { + "introduced": "504fd9e5236e13d674e051c6b8a1e9892b371c58" + }, + { + "fixed": "3426be1b93852c5358240c5df40970c0ddfbdb2a" + } + ], + "repo": "https://gitlab.com/gitlab-org/gitlab", + "type": "GIT" + } + ] + } + ], + "database_specific": { + "cna_assigner": "GitLab", + "cwe_ids": [ + "CWE-1220" + ], + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.", + "id": "CVE-2025-1110", + "modified": "2025-05-22T14:17:44.379Z", + "published": "2025-05-22T14:02:31.385Z", + "references": [ + { + "type": "PACKAGE", + "url": "git://git@gitlab.com:gitlab-org/gitlab.git" + }, + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "REPORT", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/517693" + }, + { + "type": "REPORT", + "url": "https://hackerone.com/reports/2972576" + }, + { + "type": "ARTICLE", + "url": "https://hackerone.com/reports/2972576" + }, + { + "type": "EVIDENCE", + "url": "https://hackerone.com/reports/2972576" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1110" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "type": "CVSS_V3" + } + ], + "summary": "Insufficient Granularity of Access Control in GitLab" +} +--- diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/Linux.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna/Linux.snap new file mode 100755 index 00000000000..a1472e9b82b --- /dev/null 
+++ b/vulnfeeds/cvelist2osv/__snapshots__/cna/Linux.snap 
@@ -0,0 +1,364 @@ + +[TestSnapshotConversion/CVE-2025-21631.json - 1] +{ + "affected": [ + { + "ranges": [ + { + "events": [ + { + "introduced": "63a07379fdb6c72450cb05294461c6016b8b7726" + }, + { + "fixed": "f587c1ac68956c4703857d650d9b1cd7bb2ac4d7" + } + ], + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "de0456460f2abf921e356ed2bd8da87a376680bd" + }, + { + "fixed": "2550149fcdf2934155ff625d76ad4e3d4b25bbc6" + } + ], + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "0780451f03bf518bc032a7c584de8f92e2d39d7f" + }, + { + "fixed": "be3eed59ac01f429ac10aaa46e26f653bcf581ab" + } + ], + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "1ba0403ac6447f2d63914fb760c44a3b19c44eaf" + }, + { + "fixed": "bc2aeb35ff167e0c6b0cedf0c96a5c41e6cba1ed" + }, + { + "fixed": "fcede1f0a043ccefe9bc6ad57f12718e42f63f1d" + } + ], + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "0b8bda0ff17156cd3f60944527c9d8c9f99f1583" + }, + { + "last_affected": "cae58d19121a70329cf971359e2518c93fec04fe" + } + ], + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "type": "GIT" + } + ] + }, + { + "package": { + "ecosystem": "Linux", + "name": "Kernel" + }, + "ranges": [ + { + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.15.177" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "5.16.0" + }, + { + "fixed": "6.1.125" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "6.2.0" + }, + { + "fixed": "6.6.72" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "6.7.0" + }, + { + "fixed": "6.12.10" + } + ], + "type": "ECOSYSTEM" 
+ } + ] + } + ], + "database_specific": { + "cna_assigner": "Linux", + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n 
do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:67\n \u003c/TASK\u003e", + "id": "CVE-2025-21631", + "modified": "2025-05-04T13:05:59.494Z", + "published": "2025-01-19T10:17:49.439Z", + "references": [ + { + "type": "PACKAGE", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2550149fcdf2934155ff625d76ad4e3d4b25bbc6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bc2aeb35ff167e0c6b0cedf0c96a5c41e6cba1ed" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/be3eed59ac01f429ac10aaa46e26f653bcf581ab" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f587c1ac68956c4703857d650d9b1cd7bb2ac4d7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/fcede1f0a043ccefe9bc6ad57f12718e42f63f1d" + }, + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." 
+ }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21631" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "type": "CVSS_V3" + } + ], + "summary": "block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()" +} +--- + +[TestSnapshotConversion/CVE-2025-21772.json - 1] +{ + "affected": [ + { + "ranges": [ + { + "events": [ + { + "introduced": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2" + }, + { + "fixed": "a3e77da9f843e4ab93917d30c314f0283e28c124" + }, + { + "fixed": "213ba5bd81b7e97ac6e6190b8f3bc6ba76123625" + }, + { + "fixed": "40a35d14f3c0dc72b689061ec72fc9b193f37d1f" + }, + { + "fixed": "27a39d006f85e869be68c1d5d2ce05e5d6445bf5" + }, + { + "fixed": "92527100be38ede924768f4277450dfe8a40e16b" + }, + { + "fixed": "6578717ebca91678131d2b1f4ba4258e60536e9f" + }, + { + "fixed": "7fa9706722882f634090bfc9af642bf9ed719e27" + }, + { + "fixed": "80e648042e512d5a767da251d44132553fe04ae0" + } + ], + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "type": "GIT" + } + ] + }, + { + "package": { + "ecosystem": "Linux", + "name": "Kernel" + }, + "ranges": [ + { + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.4.291" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "5.5.0" + }, + { + "fixed": "5.10.235" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "5.11.0" + }, + { + "fixed": "5.15.179" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "5.16.0" + }, + { + "fixed": "6.1.129" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "6.2.0" + }, + { + "fixed": "6.6.79" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "6.7.0" + }, + { + "fixed": "6.12.16" + } + ], + "type": "ECOSYSTEM" + }, + { + "events": [ + { + "introduced": "6.13.0" + }, + { + "fixed": "6.13.4" + } + ], + "type": "ECOSYSTEM" + } + ] + } + ], + 
"database_specific": { + "cna_assigner": "Linux", + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().", + "id": "CVE-2025-21772", + "modified": "2025-05-04T07:20:46.575Z", + "published": "2025-02-27T02:18:19.528Z", + "references": [ + { + "type": "PACKAGE", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/213ba5bd81b7e97ac6e6190b8f3bc6ba76123625" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/40a35d14f3c0dc72b689061ec72fc9b193f37d1f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a3e77da9f843e4ab93917d30c314f0283e28c124" + }, + { + "type": "ADVISORY", + "url": 
"https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21772" + } + ], + "schema_version": "1.7.3", + "summary": "partitions: mac: fix handling of bogus partition table" +} +--- diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/apache.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna/apache.snap new file mode 100755 index 00000000000..e4e11446fe4 --- /dev/null +++ b/vulnfeeds/cvelist2osv/__snapshots__/cna/apache.snap 
@@ -0,0 +1,240 @@ + +[TestSnapshotConversion/CVE-2021-44228.json - 1] +{ + "database_specific": { + "cna_assigner": "apache", + "cwe_ids": [ + "CWE-20", + "CWE-400", + "CWE-502" + ], + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", + "id": "CVE-2021-44228", + "modified": "2025-02-04T14:25:37.215Z", + "published": "2021-12-10T00:00:00Z", + "references": [ + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html" + }, + { + "type": "WEB", + 
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html" + }, + { + "type": "ARTICLE", + "url": "http://seclists.org/fulldisclosure/2022/Dec/2" + }, + { + "type": "ARTICLE", + "url": "http://seclists.org/fulldisclosure/2022/Jul/11" + }, + { + "type": "ARTICLE", + "url": "http://seclists.org/fulldisclosure/2022/Mar/23" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" + }, + { + "type": "ARTICLE", + "url": 
"http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "type": "WEB", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" + }, + { + "type": "WEB", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "type": "WEB", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" + }, + { + "type": "WEB", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" + }, + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "PACKAGE", + "url": "https://github.com/cisagov/log4j-affected-db" + }, + { + "type": "WEB", + "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md" + }, + { + "type": "WEB", + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228" + }, + { + "type": "ARTICLE", + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" + }, + { + "type": "ADVISORY", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" + }, + { + "type": "ADVISORY", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" + }, + { + "type": "WEB", + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "type": "ADVISORY", + "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" + }, + { + "type": "WEB", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "type": "ADVISORY", + "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" + }, + { + "type": "WEB", + "url": 
"https://support.apple.com/kb/HT213189" + }, + { + "type": "ADVISORY", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "type": "WEB", + "url": "https://twitter.com/kurtseifried/status/1469345530182455296" + }, + { + "type": "WEB", + "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" + }, + { + "type": "ADVISORY", + "url": "https://www.debian.org/security/2021/dsa-5020" + }, + { + "type": "ADVISORY", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" + }, + { + "type": "ADVISORY", + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "type": "WEB", + "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" + }, + { + "type": "WEB", + "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" + }, + { + "type": "WEB", + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "type": "WEB", + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "type": "CVSS_V3" + } + ], + "summary": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints" +} +--- diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/mitre.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna/mitre.snap new file mode 100755 index 00000000000..374064bacf5 --- /dev/null +++ b/vulnfeeds/cvelist2osv/__snapshots__/cna/mitre.snap 
@@ -0,0 +1,154 @@ + +[TestSnapshotConversion/CVE-2021-26917.json - 1] +{ + "database_specific": { + "cna_assigner": "mitre", + "isDisputed": true, + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states \"security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host.\" NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker", + "id": "CVE-2021-26917", + "modified": "2021-02-08T22:22:51Z", + "published": "2021-02-08T22:22:51Z", + "references": [ + { + "type": "WEB", + "url": "https://attack.mitre.org/techniques/T1113/" + }, + { + "type": "WEB", + "url": "https://github.com/Bitmessage/PyBitmessage/blob/f381721bec31641002e2f240309600c4994855a7/src/api.py#L35-L37" + }, + { + "type": "PACKAGE", + "url": "https://github.com/Bitmessage/PyBitmessage/releases" + }, + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26917" + }, + { + "type": "WEB", + "url": "https://poal.co/s/technology/290479" + } + ], + "schema_version": "1.7.3" +} +--- + +[TestSnapshotConversion/CVE-2023-23127.json - 1] +{ + "database_specific": { + "cna_assigner": "mitre", + "isDisputed": true, + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. 
NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.", + "id": "CVE-2023-23127", + "modified": "2023-02-02T00:00:00Z", + "published": "2023-02-01T00:00:00Z", + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "PACKAGE", + "url": "https://github.com/l00neyhacker/CVE-2023-23127" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23127" + } + ], + "schema_version": "1.7.3" +} +--- + +[TestSnapshotConversion/CVE-2023-38408.json - 1] +{ + "database_specific": { + "cna_assigner": "mitre", + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", + "id": "CVE-2023-38408", + "modified": "2023-08-03T00:00:00Z", + "published": "2023-07-20T00:00:00Z", + "references": [ + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1" + }, + { + "type": "ARTICLE", + "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2" + }, + { + "type": "ARTICLE", + "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent" + }, + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." 
+ }, + { + "type": "FIX", + "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8" + }, + { + "type": "FIX", + "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d" + }, + { + "type": "FIX", + "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca" + }, + { + "type": "ADVISORY", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" + }, + { + "type": "ADVISORY", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" + }, + { + "type": "WEB", + "url": "https://news.ycombinator.com/item?id=36790196" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38408" + }, + { + "type": "ADVISORY", + "url": "https://security.gentoo.org/glsa/202307-01" + }, + { + "type": "ADVISORY", + "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" + }, + { + "type": "WEB", + "url": "https://www.openssh.com/security.html" + }, + { + "type": "WEB", + "url": "https://www.openssh.com/txt/release-9.3p2" + }, + { + "type": "WEB", + "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt" + } + ], + "schema_version": "1.7.3" +} +--- diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/snyk.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna/snyk.snap new file mode 100755 index 00000000000..46353273f16 --- /dev/null +++ b/vulnfeeds/cvelist2osv/__snapshots__/cna/snyk.snap 
@@ -0,0 +1,85 @@ + +[TestSnapshotConversion/CVE-2022-25929.json - 1] +{ + "affected": [ + { + "ranges": [ + { + "database_specific": { + "versions": [ + { + "introduced": "0" + }, + { + "last_affected": "1.31.0" + }, + { + "fixed": "1.36.1" + } + ] + }, + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "18155960fee032ea7a7059d08e2667a612dbfd92" + }, + { + "fixed": "e9d6c5f579232d6cbacaf9eeca07e0408fd20e33" + } + ], + "repo": "https://github.com/joewalnes/smoothie", + "type": "GIT" + } + ] + } + ], + "database_specific": { + "cna_assigner": "snyk", + "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + "details": "The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.", + "id": "CVE-2022-25929", + "modified": "2025-04-16T18:32:19.005Z", + "published": "2022-12-21T23:14:33.786Z", + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/..." + }, + { + "type": "FIX", + "url": "https://github.com/joewalnes/smoothie/commit/8e0920d50da82f4b6e605d56f41b69fbb9606a98" + }, + { + "type": "FIX", + "url": "https://github.com/joewalnes/smoothie/pull/147" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25929" + }, + { + "type": "WEB", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369" + }, + { + "type": "WEB", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368" + }, + { + "type": "WEB", + "url": "https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P", + "type": "CVSS_V3" + } + ], + "summary": "Cross-site Scripting (XSS)" +} +--- 
diff --git a/vulnfeeds/cvelist2osv/__snapshots__/conversion_outcomes.snap b/vulnfeeds/cvelist2osv/__snapshots__/conversion_outcomes.snap new file mode 100755 index 00000000000..f94b6e243a8 --- /dev/null +++ b/vulnfeeds/cvelist2osv/__snapshots__/conversion_outcomes.snap @@ -0,0 +1,9 @@ + +[TestSnapshotConversion - 1] +Conversion Outcomes: +NoCommitRanges: 1 +NoRanges: 4 +NoRepos: 1 +Successful: 4 + +--- diff --git a/vulnfeeds/cvelist2osv/snapshot_test.go b/vulnfeeds/cvelist2osv/snapshot_test.go new file mode 100644 index 00000000000..4dd208052fd --- /dev/null +++ b/vulnfeeds/cvelist2osv/snapshot_test.go 
@@ -0,0 +1,76 @@
+package cvelist2osv
+
+import (
+ "bytes"
+ "fmt"
+ "os"
+ "path/filepath"
+ "sort"
+ "strings"
+ "testing"
+
+ "github.com/gkampitakis/go-snaps/snaps"
+)
+
+// TestSnapshotConversion runs the conversion process on a sample of CVEs and
+// creates snapshots of the output for comparison. This is used for monitoring
+// progressions and regressions when making changes to the converter.
+func TestSnapshotConversion(t *testing.T) {
+ testDataDir := "testdata/sampled_cves"
+ files, err := os.ReadDir(testDataDir)
+ if err != nil {
+ t.Fatalf("Failed to read test data directory: %v", err)
+ }
+
+ stats := make(map[string]int)
+ for _, file := range files {
+ if !strings.HasSuffix(file.Name(), ".json") {
+ continue
+ }
+
+ t.Run(file.Name(), func(t *testing.T) {
+ path := filepath.Join(testDataDir, file.Name())
+ cve := loadTestCVE(t, path)
+
+ vWriter := bytes.NewBuffer(nil)
+ mWriter := bytes.NewBuffer(nil)
+
+ // We use a fixed source link for stability in snapshots if it's used in output
+ sourceLink := "https://github.com/CVEProject/cvelistV5/tree/main/cves/..."
+
+ outcome, err := ConvertAndExportCVEToOSV(cve, vWriter, mWriter, sourceLink)
+ if err != nil {
+ t.Errorf("ConvertAndExportCVEToOSV failed: %v", err)
+ }
+ stats[outcome.String()]++
+
+ // Normalize the output for snapshot stability if necessary
+ // For now, we assume ConvertAndExportCVEToOSV produces deterministic output
+ // given the same input and source link.
+
+ cna := cve.Metadata.AssignerShortName
+ if cna == "" {
+ cna = "unknown"
+ }
+ // Sanitize CNA name for filename
+ cna = strings.ReplaceAll(cna, "/", "_")
+ cna = strings.ReplaceAll(cna, "\\", "_")
+
+ snaps.WithConfig(snaps.Filename("cna-snaps/"+cna)).MatchSnapshot(t, vWriter.String())
+ })
+ }
+
+ // Sort keys for deterministic output
+ var keys []string
+ for k := range stats {
+ keys = append(keys, k)
+ }
+ sort.Strings(keys)
+
+ var statsOutput strings.Builder
+ statsOutput.WriteString("Conversion Outcomes:\n")
+ for _, k := range keys {
+ statsOutput.WriteString(fmt.Sprintf("%s: %d\n", k, stats[k]))
+ }
+ snaps.WithConfig(snaps.Filename("conversion_outcomes")).MatchSnapshot(t, statsOutput.String())
+}
diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-26917.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-26917.json
new file mode 100644
index 00000000000..aa76391e9ec
--- /dev/null
+++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-26917.json
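Review bot: The per-CNA snapshots in `TestSnapshotConversion` are matched under `snaps.Filename("cna-snaps/"+cna)`, but the snapshot files checked in alongside this test sit under `__snapshots__/cna/` (`cna/mitre.snap`, `cna/snyk.snap`), so the committed files do not appear to be the ones the test compares against. If go-snaps resolves that name relative to `__snapshots__`, as the `conversion_outcomes` snapshot suggests, a local run would presumably write fresh `cna-snaps/*.snap` files and pass, leaving the converter's affected-range output unguarded against regressions; either use `snaps.Filename("cna/"+cna)` or move the committed files. Separately, after `t.Errorf("ConvertAndExportCVEToOSV failed: %v", err)` the subtest still counts the outcome and snapshots whatever reached `vWriter`; `t.Fatalf` there would keep a failed conversion out of the recorded snapshot. The final `conversion_outcomes` match also assumes every subtest ran, so a filtered run such as `-run 'TestSnapshotConversion/CVE-2021-26917.json'` would likely be compared against the full tally and fail.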
@@ -0,0 +1,157 @@ +{ + "containers": { + "cna": { + "affected": [ + { + "product": "n/a", + "vendor": "n/a", + "versions": [ + { + "status": "affected", + "version": "n/a" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states \"security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host.\" NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "description": "n/a", + "lang": "en", + "type": "text" + } + ] + } + ], + "providerMetadata": { + "dateUpdated": "2021-02-08T22:22:51", + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre" + }, + "references": [ + { + "tags": [ + "x_refsource_MISC" + ], + "url": "https://poal.co/s/technology/290479" + }, + { + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/Bitmessage/PyBitmessage/releases" + }, + { + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/Bitmessage/PyBitmessage/blob/f381721bec31641002e2f240309600c4994855a7/src/api.py#L35-L37" + }, + { + "tags": [ + "x_refsource_MISC" + ], + "url": "https://attack.mitre.org/techniques/T1113/" + } + ], + "tags": [ + "disputed" + ], + "x_legacyV4Record": { + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-26917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** 
DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states \"security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host.\" NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://poal.co/s/technology/290479", + "refsource": "MISC", + "url": "https://poal.co/s/technology/290479" + }, + { + "name": "https://github.com/Bitmessage/PyBitmessage/releases", + "refsource": "MISC", + "url": "https://github.com/Bitmessage/PyBitmessage/releases" + }, + { + "name": "https://github.com/Bitmessage/PyBitmessage/blob/f381721bec31641002e2f240309600c4994855a7/src/api.py#L35-L37", + "refsource": "MISC", + "url": "https://github.com/Bitmessage/PyBitmessage/blob/f381721bec31641002e2f240309600c4994855a7/src/api.py#L35-L37" + }, + { + "name": "https://attack.mitre.org/techniques/T1113/", + "refsource": "MISC", + "url": "https://attack.mitre.org/techniques/T1113/" + } + ] + } + } + } + }, + "cveMetadata": { + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "cveId": "CVE-2021-26917", + "datePublished": "2021-02-08T22:22:51", + "dateReserved": "2021-02-08T00:00:00", + "dateUpdated": "2021-02-08T22:22:51", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} \ No newline at end of file diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-44228.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-44228.json new file mode 100644 index 00000000000..94f0fd3bcc7 --- /dev/null +++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2021-44228.json 
@@ -0,0 +1,781 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2021-44228", + "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "assignerShortName": "apache", + "dateUpdated": "2025-02-04T14:25:37.215Z", + "dateReserved": "2021-11-26T00:00:00.000Z", + "datePublished": "2021-12-10T00:00:00.000Z" + }, + "containers": { + "cna": { + "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "providerMetadata": { + "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "shortName": "apache", + "dateUpdated": "2023-04-03T00:00:00.000Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects." 
+ } + ], + "affected": [ + { + "vendor": "Apache Software Foundation", + "product": "Apache Log4j2", + "versions": [ + { + "version": "2.0-beta9", + "status": "affected", + "lessThan": "log4j-core*", + "versionType": "custom", + "changes": [ + { + "at": "2.3.1", + "status": "unaffected" + }, + { + "at": "2.4", + "status": "affected" + }, + { + "at": "2.12.2", + "status": "unaffected" + }, + { + "at": "2.13.0", + "status": "affected" + }, + { + "at": "2.15.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" + }, + { + "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" + }, + { + "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", + "tags": [ + "vendor-advisory" + ], + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" + }, + { + "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": 
"https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" + }, + { + "name": "DSA-5020", + "tags": [ + "vendor-advisory" + ], + "url": "https://www.debian.org/security/2021/dsa-5020" + }, + { + "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", + "tags": [ + "mailing-list" + ], + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" + }, + { + "name": "FEDORA-2021-f0f501d01f", + "tags": [ + "vendor-advisory" + ], + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" + }, + { + "name": "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2", + "tags": [ + "vendor-advisory" + ], + "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" + }, + { + "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" + }, + { + "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" + }, + { + "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", + "tags": [ + "vendor-advisory" + ], + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "name": "VU#930724", + "tags": [ + "third-party-advisory" + ], + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": 
"https://twitter.com/kurtseifried/status/1469345530182455296" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html" + }, + { + "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html" + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" + }, + { + "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", + "tags": [ + "vendor-advisory" + ], + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html" + }, + { + "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html" + }, + { + "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html" + }, + { + "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html" + }, + { + "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" + }, + { + "name": "FEDORA-2021-66d6c484f3", + "tags": [ + "vendor-advisory" + ], + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" + }, + { + "url": 
"http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html" + }, + { + "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md" + }, + { + "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html" + }, + { + "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", + "tags": [ + "mailing-list" + ], + "url": "http://seclists.org/fulldisclosure/2022/Mar/23" + }, + { + "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" + }, + { + "url": "https://github.com/cisagov/log4j-affected-db" + }, + { + "url": "https://support.apple.com/kb/HT213189" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228" + }, + { + "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" + }, + { + "name": "20220721 Open-Xchange Security Advisory 2022-07-21", + "tags": [ + "mailing-list" + ], + "url": "http://seclists.org/fulldisclosure/2022/Jul/11" + }, + { + "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html" + }, + { + "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html" + }, + { + "name": "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation", + "tags": [ + "mailing-list" + ], + "url": 
"http://seclists.org/fulldisclosure/2022/Dec/2" + }, + { + "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html" + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team." + } + ], + "metrics": [ + { + "other": { + "type": "unknown", + "content": { + "other": "critical" + } + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ], + "x_generator": { + "engine": "Vulnogram 0.0.9" + }, + "source": { + "discovery": "UNKNOWN" + } + }, + "adp": [ + { + "providerMetadata": { + "orgId": "af854a3a-2127-422b-91ae-364da2661108", + "shortName": "CVE", + "dateUpdated": "2024-08-04T04:17:24.696Z" + }, + "title": "CVE Program Container", + "references": [ + { + "url": "https://logging.apache.org/log4j/2.x/security.html", + "tags": [ + "x_transferred" + ] + }, + { + "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" + }, + { + "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" + }, + { + "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 
2021", + "tags": [ + "vendor-advisory", + "x_transferred" + ], + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211210-0007/", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", + "tags": [ + "x_transferred" + ] + }, + { + "name": "DSA-5020", + "tags": [ + "vendor-advisory", + "x_transferred" + ], + "url": "https://www.debian.org/security/2021/dsa-5020" + }, + { + "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" + }, + { + "name": "FEDORA-2021-f0f501d01f", + "tags": [ + "vendor-advisory", + "x_transferred" + ], + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" + }, + { + "name": "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2", + "tags": [ + "vendor-advisory", + "x_transferred" + ], + "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" + }, + { + "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", + "tags": [ + "mailing-list", + 
"x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" + }, + { + "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" + }, + { + "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", + "tags": [ + "vendor-advisory", + "x_transferred" + ], + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "name": "VU#930724", + "tags": [ + "third-party-advisory", + "x_transferred" + ], + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "https://twitter.com/kurtseifried/status/1469345530182455296", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", + "tags": [ + "x_transferred" + ] + }, + { + "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", + "tags": [ + 
"vendor-advisory", + "x_transferred" + ], + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", + "tags": [ + "x_transferred" + ] + }, + { + "name": "FEDORA-2021-66d6c484f3", + "tags": [ + "vendor-advisory", + "x_transferred" + ], + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" + }, + { + "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": 
"http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", + "tags": [ + "x_transferred" + ] + }, + { + "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://seclists.org/fulldisclosure/2022/Mar/23" + }, + { + "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://github.com/cisagov/log4j-affected-db", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://support.apple.com/kb/HT213189", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", + "tags": [ + "x_transferred" + ] + }, + { + "name": "20220721 Open-Xchange Security Advisory 2022-07-21", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://seclists.org/fulldisclosure/2022/Jul/11" + }, + { + "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", + "tags": [ + "x_transferred" + ] + }, + { + "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", + "tags": [ + "x_transferred" + ] + }, + { + "name": "20221208 Intel Data 
Center Manager <= 5.1 Local Privileges Escalation", + "tags": [ + "mailing-list", + "x_transferred" + ], + "url": "http://seclists.org/fulldisclosure/2022/Dec/2" + }, + { + "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", + "tags": [ + "x_transferred" + ] + } + ] + }, + { + "metrics": [ + { + "cvssV3_1": { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 10, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-04T14:25:34.416117Z", + "id": "CVE-2021-44228", + "options": [ + { + "Exploitation": "active" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + }, + { + "other": { + "type": "kev", + "content": { + "dateAdded": "2021-12-10", + "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44228" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-04T14:25:37.215Z" + } + } + ] + } +} \ No newline at end of file diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2022-25929.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2022-25929.json new file mode 100644 index 00000000000..cb3306b6dd6 --- /dev/null +++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2022-25929.json 
@@ -0,0 +1,193 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2022-25929", + "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", + "assignerShortName": "snyk", + "dateUpdated": "2025-04-16T18:32:19.005Z", + "dateReserved": "2022-02-24T00:00:00.000Z", + "datePublished": "2022-12-21T23:14:33.786Z" + }, + "containers": { + "cna": { + "title": "Cross-site Scripting (XSS)", + "datePublic": "2022-12-21T00:00:00.000Z", + "providerMetadata": { + "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", + "shortName": "snyk", + "dateUpdated": "2022-12-21T00:00:00.000Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "smoothie", + "versions": [ + { + "version": "1.31.0", + "status": "affected", + "lessThan": "unspecified", + "versionType": "custom" + }, + { + "version": "unspecified", + "lessThan": "1.36.1", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369" + }, + { + "url": "https://github.com/joewalnes/smoothie/commit/8e0920d50da82f4b6e605d56f41b69fbb9606a98" + }, + { + "url": "https://github.com/joewalnes/smoothie/pull/147" + } + ], + "credits": [ + { + "lang": "en", + "value": "WofWca" + } + ], + "metrics": [ + { + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + 
"userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "exploitCodeMaturity": "PROOF_OF_CONCEPT", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "baseScore": 5.4, + "temporalScore": 5.1, + "baseSeverity": "MEDIUM", + "temporalSeverity": "MEDIUM" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "adp": [ + { + "providerMetadata": { + "orgId": "af854a3a-2127-422b-91ae-364da2661108", + "shortName": "CVE", + "dateUpdated": "2024-08-03T04:49:44.153Z" + }, + "title": "CVE Program Container", + "references": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://github.com/joewalnes/smoothie/commit/8e0920d50da82f4b6e605d56f41b69fbb9606a98", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://github.com/joewalnes/smoothie/pull/147", + "tags": [ + "x_transferred" + ] + } + ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-79", + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-04-16T18:32:07.725384Z", + "id": "CVE-2022-25929", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "shortName": "CISA-ADP",
+ "dateUpdated": "2025-04-16T18:32:19.005Z"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-23127.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-23127.json
new file mode 100644
index 00000000000..d3aa659c95a
--- /dev/null
+++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-23127.json
@@ -0,0 +1,59 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2023-23127",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2023-02-02T00:00:00",
+ "dateReserved": "2023-01-11T00:00:00",
+ "datePublished": "2023-02-01T00:00:00"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2023-02-02T00:00:00"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting."
+ }
+ ],
+ "tags": [
+ "disputed"
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/l00neyhacker/CVE-2023-23127"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-38408.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-38408.json
new file mode 100644
index 00000000000..64a3ad35709
--- /dev/null
+++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-38408.json 
@@ -0,0 +1,118 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2023-38408", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2023-08-03T00:00:00", + "dateReserved": "2023-07-17T00:00:00", + "datePublished": "2023-07-20T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2023-08-03T00:00:00" + }, + "descriptions": [ + { + "lang": "en", + "value": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://news.ycombinator.com/item?id=36790196" + }, + { + "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent" + }, + { + "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt" + }, + { + "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca" + }, + { + "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8" + }, + { + "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d" + }, + { + "url": "https://www.openssh.com/txt/release-9.3p2" + }, + { + "url": "https://www.openssh.com/security.html" + }, + { + "name": "GLSA-202307-01", + "tags": [ + "vendor-advisory" + ], + "url": "https://security.gentoo.org/glsa/202307-01" + }, + { + "name": "[oss-security] 
20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1" + }, + { + "name": "[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2" + }, + { + "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" + }, + { + "name": "FEDORA-2023-878e04f4ae", + "tags": [ + "vendor-advisory" + ], + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" + }, + { + "name": "FEDORA-2023-79a18e1725", + "tags": [ + "vendor-advisory" + ], + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-45803.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-45803.json new file mode 100644 index 00000000000..99469ff00c9 --- /dev/null +++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2023-45803.json 
@@ -0,0 +1,197 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45803", + "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "state": "PUBLISHED", + "assignerShortName": "GitHub_M", + "dateReserved": "2023-10-13T12:00:50.435Z", + "datePublished": "2023-10-17T19:43:45.404Z", + "dateUpdated": "2025-02-13T17:14:11.578Z" + }, + "containers": { + "cna": { + "title": "Request body not stripped after redirect in urllib3", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-200", + "lang": "en", + "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "type": "CWE" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + } + ], + "references": [ + { + "name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", + "tags": [ + "x_refsource_CONFIRM" + ], + "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4" + }, + { + "name": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9" + }, + { + "name": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/" + }, + { + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/" + } + ], + "affected": [ + { + "vendor": "urllib3", + "product": "urllib3", + "versions": [ + { + "version": ">= 2.0.0, < 2.0.7", + "status": "affected" + }, + { + "version": "< 1.26.18", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "shortName": "GitHub_M", + "dateUpdated": "2023-11-03T21:06:24.988Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. 
This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body." + } + ], + "source": { + "advisory": "GHSA-g4mx-q9vg-27p4", + "discovery": "UNKNOWN" + } + }, + "adp": [ + { + "providerMetadata": { + "orgId": "af854a3a-2127-422b-91ae-364da2661108", + "shortName": "CVE", + "dateUpdated": "2024-08-02T20:29:32.441Z" + }, + "title": "CVE Program Container", + "references": [ + { + "name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", + "tags": [ + "x_refsource_CONFIRM", + "x_transferred" + ], + "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4" + }, + { + "name": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9", + "tags": [ + "x_refsource_MISC", + "x_transferred" + ], + "url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9" + }, + { + "name": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get", + "tags": [ + "x_refsource_MISC", + "x_transferred" + ], + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/", + "tags": [ + "x_transferred" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", + "tags": [ + "x_transferred" + ] + } + ] + }, + { + "metrics": [ + { + "other": { + "type": 
"ssvc", + "content": { + "timestamp": "2024-09-13T15:56:19.991921Z", + "id": "CVE-2023-45803", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-09-13T15:56:30.487Z" + } + } + ] + } +} \ No newline at end of file diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2024-21634.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2024-21634.json new file mode 100644 index 00000000000..2f22c32acc8 --- /dev/null +++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2024-21634.json 
@@ -0,0 +1,136 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-21634", + "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "state": "PUBLISHED", + "assignerShortName": "GitHub_M", + "dateReserved": "2023-12-29T03:00:44.955Z", + "datePublished": "2024-01-03T22:46:03.585Z", + "dateUpdated": "2025-06-16T19:45:37.088Z" + }, + "containers": { + "cna": { + "title": "Ion Java StackOverflow vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-770", + "lang": "en", + "description": "CWE-770: Allocation of Resources Without Limits or Throttling", + "type": "CWE" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + } + ], + "references": [ + { + "name": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6", + "tags": [ + "x_refsource_CONFIRM" + ], + "url": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6" + } + ], + "affected": [ + { + "vendor": "amazon-ion", + "product": "ion-java", + "versions": [ + { + "version": "< 1.10.5", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "shortName": "GitHub_M", + "dateUpdated": "2024-01-03T22:46:03.585Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Amazon Ion is a Java implementation of the Ion data notation. 
Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with." + } + ], + "source": { + "advisory": "GHSA-264p-99wq-f4j6", + "discovery": "UNKNOWN" + } + }, + "adp": [ + { + "providerMetadata": { + "orgId": "af854a3a-2127-422b-91ae-364da2661108", + "shortName": "CVE", + "dateUpdated": "2024-08-01T22:27:35.757Z" + }, + "title": "CVE Program Container", + "references": [ + { + "name": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6", + "tags": [ + "x_refsource_CONFIRM", + "x_transferred" + ], + "url": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6" + } + ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-01-30T20:22:58.626217Z", + "id": "CVE-2024-21634", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-06-16T19:45:37.088Z" + } + } + ] + } +} \ No newline at end of file diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-1110.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-1110.json new file mode 100644 index 00000000000..6b7a32e8d46 
--- /dev/null
+++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-1110.json
@@ -0,0 +1,151 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-1110", + "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", + "state": "PUBLISHED", + "assignerShortName": "GitLab", + "dateReserved": "2025-02-07T14:02:01.888Z", + "datePublished": "2025-05-22T14:02:31.385Z", + "dateUpdated": "2025-05-22T14:17:44.379Z" + }, + "containers": { + "cna": { + "title": "Insufficient Granularity of Access Control in GitLab", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query." + } + ], + "affected": [ + { + "vendor": "GitLab", + "product": "GitLab", + "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", + "cpes": [ + "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" + ], + "versions": [ + { + "version": "18.0", + "status": "affected", + "lessThan": "18.0.1", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-1220: Insufficient Granularity of Access Control", + "cweId": "CWE-1220", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/517693", + "name": "GitLab Issue #517693", + "tags": [ + "issue-tracking", + "permissions-required" + ] + }, + { + "url": "https://hackerone.com/reports/2972576", + "name": "HackerOne Bug Bounty Report #2972576", + "tags": [ + "technical-description", + "exploit", + "permissions-required" + ] + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": 
"UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + } + } + ], + "solutions": [ + { + "lang": "en", + "value": "Upgrade to versions 18.0.1 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program", + "type": "finder" + } + ], + "providerMetadata": { + "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", + "shortName": "GitLab", + "dateUpdated": "2025-05-22T14:02:31.385Z" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-05-22T14:17:35.369233Z", + "id": "CVE-2025-1110", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-05-22T14:17:44.379Z" + } + } + ] + } +} \ No newline at end of file diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21631.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21631.json new file mode 100644 index 00000000000..28cf823a466 --- /dev/null +++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21631.json 
@@ -0,0 +1,267 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-21631", + "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "state": "PUBLISHED", + "assignerShortName": "Linux", + "dateReserved": "2024-12-29T08:45:45.726Z", + "datePublished": "2025-01-19T10:17:49.439Z", + "dateUpdated": "2025-05-04T13:05:59.494Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "shortName": "Linux", + "dateUpdated": "2025-05-04T13:05:59.494Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n 
ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:67\n " + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "block/bfq-iosched.c" + ], + "versions": [ + { + "version": "63a07379fdb6c72450cb05294461c6016b8b7726", + "lessThan": "f587c1ac68956c4703857d650d9b1cd7bb2ac4d7", + "status": "affected", + "versionType": "git" + }, + { + "version": "de0456460f2abf921e356ed2bd8da87a376680bd", + "lessThan": "2550149fcdf2934155ff625d76ad4e3d4b25bbc6", + "status": "affected", + "versionType": "git" + }, + { + "version": "0780451f03bf518bc032a7c584de8f92e2d39d7f", + "lessThan": "be3eed59ac01f429ac10aaa46e26f653bcf581ab", + "status": "affected", + "versionType": "git" + }, + { + "version": "1ba0403ac6447f2d63914fb760c44a3b19c44eaf", + "lessThan": "bc2aeb35ff167e0c6b0cedf0c96a5c41e6cba1ed", + "status": "affected", + "versionType": "git" + }, + { + "version": "1ba0403ac6447f2d63914fb760c44a3b19c44eaf", + "lessThan": "fcede1f0a043ccefe9bc6ad57f12718e42f63f1d", + "status": "affected", + "versionType": "git" + }, + { + "version": "0b8bda0ff17156cd3f60944527c9d8c9f99f1583", + "status": "affected", + "versionType": "git" + }, + { + "version": "cae58d19121a70329cf971359e2518c93fec04fe", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", 
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "block/bfq-iosched.c" + ], + "versions": [ + { + "version": "6.12", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.12", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.177", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.125", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.72", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.10", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "cpeApplicability": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.168", + "versionEndExcluding": "5.15.177" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.113", + "versionEndExcluding": "6.1.125" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.54", + "versionEndExcluding": "6.6.72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.12.10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10.13" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11.2" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/f587c1ac68956c4703857d650d9b1cd7bb2ac4d7" + }, + { + "url": "https://git.kernel.org/stable/c/2550149fcdf2934155ff625d76ad4e3d4b25bbc6" + }, + { + "url": "https://git.kernel.org/stable/c/be3eed59ac01f429ac10aaa46e26f653bcf581ab" + }, + { + "url": "https://git.kernel.org/stable/c/bc2aeb35ff167e0c6b0cedf0c96a5c41e6cba1ed" + }, + { + "url": "https://git.kernel.org/stable/c/fcede1f0a043ccefe9bc6ad57f12718e42f63f1d" + } + ], + "title": "block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()", + "x_generator": { + "engine": "bippy-1.2.0" + } + }, + "adp": [ + { + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.8, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "id": "CVE-2025-21631", + "role": "CISA Coordinator", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "version": "2.0.3", + "timestamp": "2025-02-10T17:11:59.322368Z" + } + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "type": "CWE", + "cweId": "CWE-416", + "description": "CWE-416 Use After Free" + } + ] + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-10T17:21:05.990Z" + } + } + ] + } +} \ No newline at end of file 
diff --git a/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21772.json b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21772.json
new file mode 100644
index 00000000000..ca7791f5b72
--- /dev/null
+++ b/vulnfeeds/cvelist2osv/testdata/sampled_cves/CVE-2025-21772.json
@@ -0,0 +1,230 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-21772", + "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "state": "PUBLISHED", + "assignerShortName": "Linux", + "dateReserved": "2024-12-29T08:45:45.762Z", + "datePublished": "2025-02-27T02:18:19.528Z", + "dateUpdated": "2025-05-04T07:20:46.575Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "shortName": "Linux", + "dateUpdated": "2025-05-04T07:20:46.575Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp()." 
+ } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "block/partitions/mac.c" + ], + "versions": [ + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "a3e77da9f843e4ab93917d30c314f0283e28c124", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "213ba5bd81b7e97ac6e6190b8f3bc6ba76123625", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "40a35d14f3c0dc72b689061ec72fc9b193f37d1f", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "27a39d006f85e869be68c1d5d2ce05e5d6445bf5", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "92527100be38ede924768f4277450dfe8a40e16b", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "6578717ebca91678131d2b1f4ba4258e60536e9f", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "7fa9706722882f634090bfc9af642bf9ed719e27", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "lessThan": "80e648042e512d5a767da251d44132553fe04ae0", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "block/partitions/mac.c" + ], + "versions": [ + { + "version": "5.4.291", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.235", + 
"lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.179", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.129", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.79", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.16", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.4", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "cpeApplicability": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.291" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.179" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.129" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.13.4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.14" + } + ] + } + ] + } + ], + "references": [ + { + "url": 
"https://git.kernel.org/stable/c/a3e77da9f843e4ab93917d30c314f0283e28c124" + }, + { + "url": "https://git.kernel.org/stable/c/213ba5bd81b7e97ac6e6190b8f3bc6ba76123625" + }, + { + "url": "https://git.kernel.org/stable/c/40a35d14f3c0dc72b689061ec72fc9b193f37d1f" + }, + { + "url": "https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5" + }, + { + "url": "https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b" + }, + { + "url": "https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f" + }, + { + "url": "https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27" + }, + { + "url": "https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0" + } + ], + "title": "partitions: mac: fix handling of bogus partition table", + "x_generator": { + "engine": "bippy-1.2.0" + } + } + } +} \ No newline at end of file From 1fd690074ef8fb70f7ba971b522d0adee52e3587 Mon Sep 17 00:00:00 2001 From: Jess Lowe Date: Mon, 8 Dec 2025 05:23:55 +0000 Subject: [PATCH 3/6] fix lint --- vulnfeeds/cvelist2osv/snapshot_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnfeeds/cvelist2osv/snapshot_test.go b/vulnfeeds/cvelist2osv/snapshot_test.go index 4dd208052fd..3230cfbeb58 100644 --- a/vulnfeeds/cvelist2osv/snapshot_test.go +++ b/vulnfeeds/cvelist2osv/snapshot_test.go @@ -61,7 +61,7 @@ func TestSnapshotConversion(t *testing.T) { } // Sort keys for deterministic output - var keys []string + keys := make([]string, 0, len(stats)) for k := range stats { keys = append(keys, k) } From 3dc474b1156adeff3256dd6717d5eb06609a46d1 Mon Sep 17 00:00:00 2001 
From: Jess Lowe Date: Mon, 8 Dec 2025 22:35:33 +0000 Subject: [PATCH 4/6] Update snaps --- .../cvelist2osv/__snapshots__/{cna => cna-snaps}/GitHub_M.snap | 0 .../cvelist2osv/__snapshots__/{cna => cna-snaps}/GitLab.snap | 0 vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/Linux.snap | 0 .../cvelist2osv/__snapshots__/{cna => cna-snaps}/apache.snap | 0 vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/mitre.snap | 0 vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/snyk.snap | 0 6 files changed, 0 insertions(+), 0 deletions(-) rename vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/GitHub_M.snap (100%) rename vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/GitLab.snap (100%) rename vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/Linux.snap (100%) rename vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/apache.snap (100%) rename vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/mitre.snap (100%) rename vulnfeeds/cvelist2osv/__snapshots__/{cna => cna-snaps}/snyk.snap (100%) diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/GitHub_M.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/GitHub_M.snap similarity index 100% rename from vulnfeeds/cvelist2osv/__snapshots__/cna/GitHub_M.snap rename to vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/GitHub_M.snap diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/GitLab.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/GitLab.snap similarity index 100% rename from vulnfeeds/cvelist2osv/__snapshots__/cna/GitLab.snap rename to vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/GitLab.snap diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/Linux.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/Linux.snap similarity index 100% rename from vulnfeeds/cvelist2osv/__snapshots__/cna/Linux.snap rename to vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/Linux.snap 
diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/apache.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/apache.snap similarity index 100% rename from vulnfeeds/cvelist2osv/__snapshots__/cna/apache.snap rename to vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/apache.snap diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/mitre.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/mitre.snap similarity index 100% rename from vulnfeeds/cvelist2osv/__snapshots__/cna/mitre.snap rename to vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/mitre.snap diff --git a/vulnfeeds/cvelist2osv/__snapshots__/cna/snyk.snap b/vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/snyk.snap similarity index 100% rename from vulnfeeds/cvelist2osv/__snapshots__/cna/snyk.snap rename to vulnfeeds/cvelist2osv/__snapshots__/cna-snaps/snyk.snap From 796ca6cd03a537607dddca4c4a9a843db25a5582 Mon Sep 17 00:00:00 2001 From: Jess Lowe Date: Mon, 22 Dec 2025 21:05:11 +0000 Subject: [PATCH 5/6] use a function for outputting conversion output. --- vulnfeeds/cvelist2osv/common.go | 18 ++++++++++++++++++ vulnfeeds/cvelist2osv/snapshot_test.go | 16 ++-------------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/vulnfeeds/cvelist2osv/common.go b/vulnfeeds/cvelist2osv/common.go index c853091e176..4ab9a6e4149 100644 --- a/vulnfeeds/cvelist2osv/common.go +++ b/vulnfeeds/cvelist2osv/common.go @@ -4,7 +4,9 @@ import ( "cmp" "encoding/json" "errors" + "fmt" "log/slog" + "slices" "strconv" "strings" 
@@ -101,6 +103,22 @@ func toVersionRangeType(s string) VersionRangeType { } } +func createConversionsOutput(stats map[string]int) string { + keys := make([]string, 0, len(stats)) + for k := range stats { + keys = append(keys, k) + } + slices.Sort(keys) + + var statsOutput strings.Builder + + statsOutput.WriteString("Conversion Outcomes:\n") + for _, k := range keys { + statsOutput.WriteString(fmt.Sprintf("%s: %d\n", k, stats[k])) + } + return statsOutput.String() +} + // resolveVersionToCommit is a helper to convert a version string to a commit hash. // It logs the outcome of the conversion attempt and returns an empty string on failure. func resolveVersionToCommit(cveID cves.CVEID, version, versionType, repo string, normalizedTags map[string]git.NormalizedTag) string { diff --git a/vulnfeeds/cvelist2osv/snapshot_test.go b/vulnfeeds/cvelist2osv/snapshot_test.go index 3230cfbeb58..24ef6d148fc 100644 --- a/vulnfeeds/cvelist2osv/snapshot_test.go +++ b/vulnfeeds/cvelist2osv/snapshot_test.go @@ -2,10 +2,8 @@ package cvelist2osv import ( "bytes" - "fmt" "os" "path/filepath" - "sort" "strings" "testing" @@ -61,16 +59,6 @@ func TestSnapshotConversion(t *testing.T) { } // Sort keys for deterministic output - keys := make([]string, 0, len(stats)) - for k := range stats { - keys = append(keys, k) - } - sort.Strings(keys) - - var statsOutput strings.Builder - statsOutput.WriteString("Conversion Outcomes:\n") - for _, k := range keys { - statsOutput.WriteString(fmt.Sprintf("%s: %d\n", k, stats[k])) - } - snaps.WithConfig(snaps.Filename("conversion_outcomes")).MatchSnapshot(t, statsOutput.String()) + statsOutput := createConversionsOutput(stats) + snaps.WithConfig(snaps.Filename("conversion_outcomes")).MatchSnapshot(t, statsOutput) } From b33f0eca90dd8a9571fa53eb957671885158ba3a Mon Sep 17 00:00:00 2001 
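Review bot: `createConversionsOutput` is added to common.go without a doc comment, and from the lines visible in this patch its only caller is `TestSnapshotConversion`, so a test helper now appears to live in the non-test package file. A comment such as `// createConversionsOutput renders the per-outcome counts as "key: count" lines in sorted key order, so the summary is stable across runs.` would record why the keys are sorted. Inside the loop, `statsOutput.WriteString(fmt.Sprintf("%s: %d\n", k, stats[k]))` can be written as `fmt.Fprintf(&statsOutput, "%s: %d\n", k, stats[k])`, which avoids building an intermediate string per entry. If nothing outside the tests is meant to call the helper, moving it into snapshot_test.go would keep it out of the shipped package.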
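Review bot: The retained comment `// Sort keys for deterministic output` in `TestSnapshotConversion` now sits above a single call, while the sorting it describes happens inside `createConversionsOutput`. Rewording it to `// createConversionsOutput sorts the keys, so the snapshot text is deterministic.` keeps the comment accurate for the line it annotates. The test function begins outside this hunk.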
From: Jess Lowe Date: Tue, 23 Dec 2025 03:11:16 +0000 Subject: [PATCH 6/6] shorten keys sorting logic --- vulnfeeds/cvelist2osv/common.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/vulnfeeds/cvelist2osv/common.go b/vulnfeeds/cvelist2osv/common.go index 4ab9a6e4149..4018a63bbf8 100644 --- a/vulnfeeds/cvelist2osv/common.go +++ b/vulnfeeds/cvelist2osv/common.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "log/slog" + "maps" "slices" "strconv" "strings" @@ -104,11 +105,7 @@ func toVersionRangeType(s string) VersionRangeType { } func createConversionsOutput(stats map[string]int) string { - keys := make([]string, 0, len(stats)) - for k := range stats { - keys = append(keys, k) - } - slices.Sort(keys) + keys := slices.Sorted(maps.Keys(stats)) var statsOutput strings.Builder @@ -116,6 +113,7 @@ func createConversionsOutput(stats map[string]int) string { for _, k := range keys { statsOutput.WriteString(fmt.Sprintf("%s: %d\n", k, stats[k])) } + return statsOutput.String() }
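Review bot: `keys := slices.Sorted(maps.Keys(stats))` in `createConversionsOutput` depends on the iterator-returning `maps.Keys` and on `slices.Sorted`, both of which arrived in Go 1.23. The module's `go` directive is not visible in this patch, so it is worth confirming that it is at least 1.23, since an older toolchain will not compile this line. Because `keys` is used only once, the loop could also range over the call directly, `for _, k := range slices.Sorted(maps.Keys(stats)) {`. The sort step has no comment after this change; `// Sorted keys keep the output stable, since map iteration order is random.` would preserve the reason for it.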