Search criteria
24 vulnerabilities
CVE-2024-9301 (GCVE-0-2024-9301)
Vulnerability from cvelistv5 – Published: 2024-09-27 17:41 – Updated: 2024-09-27 18:59
VLAI?
Summary
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netflix:e2nest:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "e2nest",
"vendor": "netflix",
"versions": [
{
"lessThan": "8a41948e553c89c56b14410c6ed395e9cfb9250a",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T18:57:50.355035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:59:31.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "E2Nest",
"repo": "https://github.com/Netflix/e2nest",
"vendor": "Netflix",
"versions": [
{
"lessThan": "8a41948e553c89c56b14410c6ed395e9cfb9250a",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a\u003c/span\u003e"
}
],
"value": "A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T17:41:49.445Z",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-004.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2024-9301",
"datePublished": "2024-09-27T17:41:49.445Z",
"dateReserved": "2024-09-27T17:13:09.452Z",
"dateUpdated": "2024-09-27T18:59:31.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7093 (GCVE-0-2024-7093)
Vulnerability from cvelistv5 – Published: 2024-08-01 21:07 – Updated: 2024-08-02 16:04
VLAI?
Summary
Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dispatch",
"vendor": "netflix",
"versions": [
{
"lessThan": "20240731",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:04:33.810735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:04:37.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dispatch",
"repo": "https://github.com/Netflix/dispatch",
"vendor": "Netflix",
"versions": [
{
"lessThan": "v20240731",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dispatch\u0027s notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out."
}
],
"value": "Dispatch\u0027s notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:07:35.787Z",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-Side Template Injection in Dispatch Message Templates",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2024-7093",
"datePublished": "2024-08-01T21:07:35.787Z",
"dateReserved": "2024-07-24T21:43:55.252Z",
"dateUpdated": "2024-08-02T16:04:37.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5023 (GCVE-0-2024-5023)
Vulnerability from cvelistv5 – Published: 2024-05-16 18:05 – Updated: 2024-08-01 21:03
VLAI?
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netflix:consoleme:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "consoleme",
"vendor": "netflix",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T19:41:24.820927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:54:20.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:09.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ConsoleMe",
"repo": "https://github.com/Netflix/consoleme/",
"vendor": "Netflix",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"datePublic": "2024-05-16T18:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Netflix ConsoleMe allows Command Injection.\u003cp\u003eThis issue affects ConsoleMe: before 1.4.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T18:23:48.028Z",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-002.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2024-5023",
"datePublished": "2024-05-16T18:05:40.240Z",
"dateReserved": "2024-05-16T17:55:52.981Z",
"dateUpdated": "2024-08-01T21:03:09.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4701 (GCVE-0-2024-4701)
Vulnerability from cvelistv5 – Published: 2024-05-10 18:37 – Updated: 2024-08-01 20:47
VLAI?
Summary
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18
Severity ?
9.9 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netflix:genie:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genie",
"vendor": "netflix",
"versions": [
{
"lessThan": "4.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4701",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T19:06:05.557902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:51:31.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Genie",
"repo": "https://github.com/Netflix/genie",
"vendor": "Netflix",
"versions": [
{
"lessThanOrEqual": "4.3.18",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18"
}
],
"value": "A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-10T18:37:21.582Z",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal vulnerability via File Uploads in Genie",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2024-4701",
"datePublished": "2024-05-10T18:37:21.582Z",
"dateReserved": "2024-05-09T18:27:58.122Z",
"dateUpdated": "2024-08-01T20:47:41.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27177 (GCVE-0-2022-27177)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 05:25
VLAI?
Summary
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2
Severity ?
No CVSS data available.
CWE
- Format String Vulnerability in ConsoleMe
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:31.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ConsoleMe",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Format String Vulnerability in ConsoleMe",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:04",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2022-27177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ConsoleMe",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Format String Vulnerability in ConsoleMe"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2022-27177",
"datePublished": "2022-04-01T22:17:04",
"dateReserved": "2022-03-25T00:00:00",
"dateUpdated": "2024-08-03T05:25:31.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28099 (GCVE-0-2021-28099)
Vulnerability from cvelistv5 – Published: 2021-03-23 20:28 – Updated: 2024-08-03 21:33
VLAI?
Summary
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.
Severity ?
No CVSS data available.
CWE
- Local Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix OSS Hollow |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix OSS Hollow",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:28:52",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2021-28099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix OSS Hollow",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2021-28099",
"datePublished": "2021-03-23T20:28:52",
"dateReserved": "2021-03-09T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28100 (GCVE-0-2021-28100)
Vulnerability from cvelistv5 – Published: 2021-03-23 20:26 – Updated: 2024-08-03 21:33
VLAI?
Summary
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.
Severity ?
No CVSS data available.
CWE
- Local Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix OSS Priam |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix OSS Priam",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:26:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2021-28100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix OSS Priam",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2021-28100",
"datePublished": "2021-03-23T20:26:01",
"dateReserved": "2021-03-09T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9301 (GCVE-0-2020-9301)
Vulnerability from cvelistv5 – Published: 2020-12-11 02:10 – Updated: 2024-08-04 10:26
VLAI?
Summary
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.
Severity ?
No CVSS data available.
CWE
- SpEL Template injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix Spinnaker |
Affected:
All versions prior to version 1.23.4, 1.22.4 or 1.21.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix Spinnaker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.23.4, 1.22.4 or 1.21.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SpEL Template injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T02:10:32",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2020-9301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix Spinnaker",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.23.4, 1.22.4 or 1.21.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SpEL Template injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md",
"refsource": "CONFIRM",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2020-9301",
"datePublished": "2020-12-11T02:10:32",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9299 (GCVE-0-2020-9299)
Vulnerability from cvelistv5 – Published: 2020-11-09 14:50 – Updated: 2024-08-04 10:26
VLAI?
Summary
There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.
Severity ?
No CVSS data available.
CWE
- Multiple Cross-Site Scripting Vulnerabilities
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix Dispatch |
Affected:
All versions prior to v20201106
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix Dispatch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to v20201106"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Cross-Site Scripting Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T14:50:18",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2020-9299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix Dispatch",
"version": {
"version_data": [
{
"version_value": "All versions prior to v20201106"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Cross-Site Scripting Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/dispatch/releases/tag/v20201106",
"refsource": "MISC",
"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2020-9299",
"datePublished": "2020-11-09T14:50:18",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:15.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9300 (GCVE-0-2020-9300)
Vulnerability from cvelistv5 – Published: 2020-11-09 14:41 – Updated: 2024-08-04 10:26
VLAI?
Summary
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.
Severity ?
No CVSS data available.
CWE
- Multiple Multiple Access Control Issues in Dispatch
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix Dispatch |
Affected:
All versions prior to v20201106
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix Dispatch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to v20201106"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Multiple Access Control Issues in Dispatch",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T14:41:37",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2020-9300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix Dispatch",
"version": {
"version_data": [
{
"version_value": "All versions prior to v20201106"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Multiple Access Control Issues in Dispatch"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md"
},
{
"name": "https://github.com/Netflix/dispatch/releases/tag/v20201106",
"refsource": "MISC",
"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2020-9300",
"datePublished": "2020-11-09T14:41:37",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:15.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9298 (GCVE-0-2020-9298)
Vulnerability from cvelistv5 – Published: 2020-08-28 14:45 – Updated: 2024-08-04 10:26
VLAI?
Summary
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Severity ?
No CVSS data available.
CWE
- Server-Side Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix Orca Spinnaker |
Affected:
All versions prior to version v8.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix Orca Spinnaker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version v8.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-28T14:45:54",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2020-9298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix Orca Spinnaker",
"version": {
"version_data": [
{
"version_value": "All versions prior to version v8.7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2020-9298",
"datePublished": "2020-08-28T14:45:54",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9297 (GCVE-0-2020-9297)
Vulnerability from cvelistv5 – Published: 2020-07-14 19:07 – Updated: 2024-08-04 10:26
VLAI?
Summary
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
Severity ?
No CVSS data available.
CWE
- Server-Side Template Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix Titus |
Affected:
All versions prior to version v0.1.1-rc.274
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix Titus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version v0.1.1-rc.274"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Template Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T19:07:54",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2020-9297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix Titus",
"version": {
"version_data": [
{
"version_value": "All versions prior to version v0.1.1-rc.274"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2020-9297",
"datePublished": "2020-07-14T19:07:54",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9296 (GCVE-0-2020-9296)
Vulnerability from cvelistv5 – Published: 2020-06-16 13:19 – Updated: 2024-08-04 10:26
VLAI?
Summary
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
Severity ?
No CVSS data available.
CWE
- Server-Side Template Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netflix Titus |
Affected:
All versions prior to version v0.1.1-rc.274
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netflix Titus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version v0.1.1-rc.274"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Template Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T17:36:33",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2020-9296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netflix Titus",
"version": {
"version_data": [
{
"version_value": "All versions prior to version v0.1.1-rc.274"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2020-9296",
"datePublished": "2020-06-16T13:19:56",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10028 (GCVE-0-2019-10028)
Vulnerability from cvelistv5 – Published: 2019-06-21 20:10 – Updated: 2024-08-04 22:10
VLAI?
Summary
Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netflix | Dial Reference Source Code Repo (https://github.com/Netflix/dial-reference) |
Affected:
Before June 18
Affected: 2019. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2019-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dial Reference Source Code Repo (https://github.com/Netflix/dial-reference)",
"vendor": "Netflix",
"versions": [
{
"status": "affected",
"version": "Before June 18"
},
{
"status": "affected",
"version": "2019."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T20:10:03",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2019-002.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-report@netflix.com",
"ID": "CVE-2019-10028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dial Reference Source Code Repo (https://github.com/Netflix/dial-reference)",
"version": {
"version_data": [
{
"version_value": "Before June 18"
},
{
"version_value": "2019."
}
]
}
}
]
},
"vendor_name": "Netflix"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2019-002.md",
"refsource": "CONFIRM",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2019-002.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2019-10028",
"datePublished": "2019-06-21T20:10:03",
"dateReserved": "2019-03-25T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10657 (GCVE-0-2017-10657)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10657",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10654 (GCVE-0-2017-10654)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10654",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10655 (GCVE-0-2017-10655)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10655",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10651 (GCVE-0-2017-10651)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10651",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10656 (GCVE-0-2017-10656)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10656",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10652 (GCVE-0-2017-10652)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10652",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10659 (GCVE-0-2017-10659)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10659",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10660 (GCVE-0-2017-10660)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10660",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10653 (GCVE-0-2017-10653)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10653",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2017-10658 (GCVE-0-2017-10658)
Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2018-08-29 20:57
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-08-29T20:57:01",
"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"shortName": "netflix"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
"assignerShortName": "netflix",
"cveId": "CVE-2017-10658",
"datePublished": "2018-08-29T21:00:00",
"dateRejected": "2018-08-29T20:57:01",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2018-08-29T20:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}