Vulnerabilites related to Apache Software Foundation - Apache Portals
cve-2021-36738
Vulnerability from cvelistv5
Published
2022-01-06 08:50
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Portals |
Version: org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet 3.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:01:59.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Portals", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet 3.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-06T08:50:15", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll", }, ], source: { discovery: "UNKNOWN", }, title: "XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet", workarounds: [ { lang: "en", value: "* Uninstall the applicant-mvcbean-cdi-jsp-portlet.war artifact\n-or-\n* Migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-36738", STATE: "PUBLIC", TITLE: "XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Portals", version: { version_data: [ { version_affected: "=", version_name: "org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet", version_value: "3.1.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll", refsource: "MISC", url: "https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "* Uninstall the applicant-mvcbean-cdi-jsp-portlet.war artifact\n-or-\n* Migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-36738", datePublished: "2022-01-06T08:50:15", dateReserved: "2021-07-14T00:00:00", dateUpdated: "2024-08-04T01:01:59.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-36739
Vulnerability from cvelistv5
Published
2022-01-06 08:50
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Portals |
Version: org.apache.portals.pluto.archetype:mvcbean-jsp-portlet-archetype 3.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:01:59.033Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Portals", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "org.apache.portals.pluto.archetype:mvcbean-jsp-portlet-archetype 3.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "The \"first name\" and \"last name\" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-06T08:50:16", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p", }, ], source: { discovery: "UNKNOWN", }, title: "XSS vulnerability in the MVCBean JSP portlet maven archetype", workarounds: [ { lang: "en", value: "If a project was generated from the affected maven archetype using a command like the following:\n\nmvn archetype:generate \\\n -DarchetypeGroupId=org.apache.portals.pluto.archetype \\\n -DarchetypeArtifactId=mvcbean-jsp-portlet-archetype \\\n -DarchetypeVersion=3.1.0 \\\n -DgroupId=com.mycompany \\\n -DartifactId=com.mycompany.my.mvcbean.jsp.portlet\n\nThen developers must fix the generated greeting.jspx file by escaping the rendered values submitted to the \"First Name\" and \"Last Name\" fields.\n\nFor example, change:\n\n <span>${user.firstName} ${user.lastName}! </span>\n\nTo:\n\n <span>${mvc.encoders.html(user.firstName)} ${mvc.encoders.html(user.lastName)}! </span>\n\nMoving forward, all such projects should be generated from version 3.1.1 of the Maven archetype.\n", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-36739", STATE: "PUBLIC", TITLE: "XSS vulnerability in the MVCBean JSP portlet maven archetype", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Portals", version: { version_data: [ { version_affected: "=", version_name: "org.apache.portals.pluto.archetype:mvcbean-jsp-portlet-archetype", version_value: "3.1.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The \"first name\" and \"last name\" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p", refsource: "MISC", url: "https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "If a project was generated from the affected maven archetype using a command like the following:\n\nmvn archetype:generate \\\n -DarchetypeGroupId=org.apache.portals.pluto.archetype \\\n -DarchetypeArtifactId=mvcbean-jsp-portlet-archetype \\\n -DarchetypeVersion=3.1.0 \\\n -DgroupId=com.mycompany \\\n -DartifactId=com.mycompany.my.mvcbean.jsp.portlet\n\nThen developers must fix the generated greeting.jspx file by escaping the rendered values submitted to the \"First Name\" and \"Last Name\" fields.\n\nFor example, change:\n\n <span>${user.firstName} ${user.lastName}! </span>\n\nTo:\n\n <span>${mvc.encoders.html(user.firstName)} ${mvc.encoders.html(user.lastName)}! </span>\n\nMoving forward, all such projects should be generated from version 3.1.1 of the Maven archetype.\n", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-36739", datePublished: "2022-01-06T08:50:16", dateReserved: "2021-07-14T00:00:00", dateUpdated: "2024-08-04T01:01:59.033Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-36737
Vulnerability from cvelistv5
Published
2022-01-06 08:50
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Portals |
Version: org.apache.portals.pluto:PortletV3Demo 3.0.0 Version: org.apache.portals.pluto:PortletV3Demo 3.0.1 Version: org.apache.portals.pluto.demo:v3-demo-portlet 3.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:01:58.974Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Portals", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "org.apache.portals.pluto:PortletV3Demo 3.0.0", }, { status: "affected", version: "org.apache.portals.pluto:PortletV3Demo 3.0.1", }, { status: "affected", version: "org.apache.portals.pluto.demo:v3-demo-portlet 3.1.0", }, ], }, ], credits: [ { lang: "en", value: "Thanks to Dhiraj Mishra for reporting.", }, ], descriptions: [ { lang: "en", value: "The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-06T08:50:13", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25", }, ], source: { discovery: "UNKNOWN", }, title: "XSS in V3 Demo Portlet", workarounds: [ { lang: "en", value: "* Uninstall the v3-demo-portlet.war artifact\n -or-\n* Migrate to version 3.1.1 of the v3-demo-portlet.war artifact", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-36737", STATE: "PUBLIC", TITLE: "XSS in V3 Demo Portlet", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Portals", version: { version_data: [ { version_affected: "=", version_name: "org.apache.portals.pluto:PortletV3Demo", version_value: "3.0.0", }, { version_affected: "=", version_name: "org.apache.portals.pluto:PortletV3Demo", version_value: "3.0.1", }, { version_affected: "=", version_name: "org.apache.portals.pluto.demo:v3-demo-portlet", version_value: "3.1.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Thanks to Dhiraj Mishra for reporting.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "low", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25", refsource: "MISC", url: "https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "* Uninstall the v3-demo-portlet.war artifact\n -or-\n* Migrate to version 3.1.1 of the v3-demo-portlet.war artifact", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-36737", datePublished: "2022-01-06T08:50:13", dateReserved: "2021-07-14T00:00:00", dateUpdated: "2024-08-04T01:01:58.974Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32533
Vulnerability from cvelistv5
Published
2022-07-06 09:40
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2022/07/06/1 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/07/06/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Portals |
Version: Jetspeed 2.3.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:portals_jetspeed:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "portals_jetspeed", vendor: "apache", versions: [ { status: "affected", version: "2.3.1", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-32533", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-17T19:35:55.841119Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-17T19:43:42.902Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T07:46:43.528Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/07/06/1", }, { name: "[oss-security] 20220706 CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/06/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Portals", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Jetspeed 2.3.1", }, ], }, ], credits: [ { lang: "en", value: "Thanks to RunningSnail for reporting.", }, ], descriptions: [ { lang: "en", value: "Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Cross-Site Scripting (XSS); CWE-352: Cross-Site Request Forgery (CSRF); CWE-918: Server-Side Request Forgery (SSRF); CWE-611: XML eXternal Entities (XXE)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-06T11:06:11", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2022/07/06/1", }, { name: "[oss-security] 20220706 CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/07/06/1", }, ], source: { discovery: "UNKNOWN", }, tags: [ "unsupported-when-assigned", ], title: "Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-32533", STATE: "PUBLIC", TITLE: "Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Portals", version: { version_data: [ { version_affected: "=", version_name: "Jetspeed", version_value: "2.3.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Thanks to RunningSnail for reporting.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Cross-Site Scripting (XSS); CWE-352: Cross-Site Request Forgery (CSRF); CWE-918: Server-Side Request Forgery (SSRF); CWE-611: XML eXternal Entities (XXE)", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2", refsource: "MISC", url: "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2", }, { name: "https://www.openwall.com/lists/oss-security/2022/07/06/1", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2022/07/06/1", }, { name: "[oss-security] 20220706 CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/07/06/1", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-32533", datePublished: "2022-07-06T09:40:12", dateReserved: "2022-06-07T00:00:00", dateUpdated: "2024-08-03T07:46:43.528Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }