diff --git a/advisories/unreviewed/2024/12/GHSA-qx95-cwh6-9mvq/GHSA-qx95-cwh6-9mvq.json b/advisories/github-reviewed/2024/12/GHSA-qx95-cwh6-9mvq/GHSA-qx95-cwh6-9mvq.json
similarity index 59%
rename from advisories/unreviewed/2024/12/GHSA-qx95-cwh6-9mvq/GHSA-qx95-cwh6-9mvq.json
rename to advisories/github-reviewed/2024/12/GHSA-qx95-cwh6-9mvq/GHSA-qx95-cwh6-9mvq.json
index 4e0800ce403d4..e7919227ad40c 100644
--- a/advisories/unreviewed/2024/12/GHSA-qx95-cwh6-9mvq/GHSA-qx95-cwh6-9mvq.json
+++ b/advisories/github-reviewed/2024/12/GHSA-qx95-cwh6-9mvq/GHSA-qx95-cwh6-9mvq.json
@@ -1,14 +1,35 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-qx95-cwh6-9mvq",
- "modified": "2024-12-27T15:31:50Z",
+ "modified": "2024-12-27T21:07:38Z",
 "published": "2024-12-27T06:30:48Z",
 "aliases": [
 "CVE-2024-56527"
 ],
+ "summary": "TCPDF missing character escape on error messages",
 "details": "An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.",
 "severity": [],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "tecnickcom/tcpdf"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "6.8.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
@@ -22,6 +43,10 @@
 "type": "WEB",
 "url": "https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add"
 },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/tecnickcom/TCPDF"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0"
@@ -35,9 +60,9 @@
 "cwe_ids": [
 "CWE-79"
 ],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-27T21:07:38Z",
 "nvd_published_at": "2024-12-27T06:15:23Z"
 }
 }
\ No newline at end of file
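Review bot: The first hunk keeps the OSV-level `"severity": []` as context while the third hunk sets `database_specific.severity` to `"MODERATE"`, so the two severity fields now disagree in kind: tooling that reads the standard OSV `severity` array still sees no rating for an advisory that is now marked reviewed. If a CVSS vector was assigned during review, it belongs in that array as a `CVSS_V3` (or `CVSS_V4`) entry, e.g. `"severity": [{"type": "CVSS_V3", "score": "<vector-placeholder>"}]`; if the rating is qualitative only, the empty array is acceptable but worth stating in the commit message so it is not read as an omission. The added range `introduced "0"` → `fixed "6.8.0"` is consistent with the "before 6.8.0" wording in `details`.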
diff --git a/advisories/unreviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json b/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
similarity index 58%
rename from advisories/unreviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
rename to advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
index bf9073503a7ff..656aae29f7e70 100644
--- a/advisories/unreviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
+++ b/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
@@ -1,14 +1,35 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-w95c-7994-ghpr",
- "modified": "2024-12-27T06:30:48Z",
+ "modified": "2024-12-27T21:07:22Z",
 "published": "2024-12-27T06:30:48Z",
 "aliases": [
 "CVE-2024-56522"
 ],
+ "summary": "TCPDF has incorrect comparison",
 "details": "An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.",
 "severity": [],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "tecnickcom/tcpdf"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "6.8.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
@@ -18,6 +39,10 @@
 "type": "WEB",
 "url": "https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89"
 },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/tecnickcom/TCPDF"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0"
@@ -32,10 +57,12 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "cwe_ids": [
+ "CWE-697"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-27T21:07:22Z",
 "nvd_published_at": "2024-12-27T05:15:08Z"
 }
 }
\ No newline at end of file
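Review bot: The `cwe_ids` added in the last hunk records only `CWE-697` (Incorrect Comparison), while the `details` text describes two distinct weaknesses: the loose `!=` comparison and the absence of a constant-time comparison of the tag hashes. The second is a timing side channel, which CWE-208 (Observable Timing Discrepancy) covers, so `"cwe_ids": ["CWE-697", "CWE-208"]` would classify the finding more completely for consumers that filter advisories by CWE. As with GHSA-qx95-cwh6-9mvq in this same commit, the OSV-level `"severity": []` is left empty in the first hunk while `database_specific.severity` becomes `"MODERATE"`; if a CVSS vector exists for this advisory it should be recorded in that array rather than only as the qualitative label.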