Publish Advisories

GHSA-9r5x-fjv3-q6h4 GHSA-2p7x-jcr3-7p2c
uricamatthews-gmail-com · Jul 13, 2022 · 4cfb85b · 4cfb85b
1 parent 0fde3e0
commit 4cfb85b
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 4 deletions.
diff --git a/advisories/github-reviewed/2022/02/GHSA-9r5x-fjv3-q6h4/GHSA-9r5x-fjv3-q6h4.json b/advisories/github-reviewed/2022/02/GHSA-9r5x-fjv3-q6h4/GHSA-9r5x-fjv3-q6h4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.2.0",
   "id": "GHSA-9r5x-fjv3-q6h4",
-  "modified": "2021-05-12T20:34:10Z",
+  "modified": "2022-07-13T18:57:29Z",
   "published": "2022-02-15T01:57:18Z",
   "aliases": [
     "CVE-2021-3127"
@@ -70,6 +70,10 @@
     {
       "type": "WEB",
       "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/nats-io/jwt"
     }
   ],
   "database_specific": {

diff --git a/...A-2p7x-jcr3-7p2c/GHSA-2p7x-jcr3-7p2c.json → ...A-2p7x-jcr3-7p2c/GHSA-2p7x-jcr3-7p2c.json b/...A-2p7x-jcr3-7p2c/GHSA-2p7x-jcr3-7p2c.json → ...A-2p7x-jcr3-7p2c/GHSA-2p7x-jcr3-7p2c.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.2.0",
   "id": "GHSA-2p7x-jcr3-7p2c",
-  "modified": "2022-05-13T01:09:22Z",
+  "modified": "2022-07-13T19:02:12Z",
   "published": "2022-05-13T01:09:22Z",
   "aliases": [
     "CVE-2012-0803"
   ],
+  "summary": "Improper Authentication in Apache CXF",
   "details": "The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.",
   "severity": [
     {
@@ -14,7 +15,50 @@
     }
   ],
   "affected": [
-
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.apache.cxf:cxf"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.4.0"
+            },
+            {
+              "fixed": "2.4.6"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2.4.5"
+      }
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.apache.cxf:cxf"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.5.0"
+            },
+            {
+              "fixed": "2.5.2"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2.5.1"
+      }
+    }
   ],
   "references": [
     {
@@ -52,13 +96,17 @@
     {
       "type": "WEB",
       "url": "http://svn.apache.org/viewvc?view=revision&revision=1233457"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/apache/cxf"
     }
   ],
   "database_specific": {
     "cwe_ids": [
       "CWE-287"
     ],
     "severity": "CRITICAL",
-    "github_reviewed": false
+    "github_reviewed": true
   }
 }