finish apache conversions
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed May 17, 2024
1 parent ef84cdd commit 0d9fb16
Showing 12 changed files with 145 additions and 38 deletions.
54 changes: 45 additions & 9 deletions data/anchore/2024/CVE-2024-23672.json
Expand Up @@ -2,7 +2,6 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-23672",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f",
Expand All @@ -14,32 +13,69 @@
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"packageName": "org.apache.tomcat.embed:tomcat-embed-websocket",
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
"cpe:2.3:a:org.apache.tomcat.embed:tomcat-embed-websocket:*:*:*:*:*:*:*:*"
],
"product": "Apache Tomcat Embed",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "11.0.0-M17",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThan": "10.1.19",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThan": "9.0.86",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThan": "8.5.99",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"packageName": "org.apache.tomcat:tomcat-websocket",
"cpes": [
"cpe:2.3:a:org.apache.tomcat:tomcat-websocket:*:*:*:*:*:*:*:*"
],
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-m16",
"lessThan": "11.0.0-M17",
"status": "affected",
"version": "11.0.0-m1",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.18",
"lessThan": "10.1.19",
"status": "affected",
"version": "10.1.0-m1",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.85",
"lessThan": "9.0.86",
"status": "affected",
"version": "9.0.0-m1",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.98",
"lessThan": "8.5.99",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
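Review bot: The `11.0.0-M1` to `11.0.0-M17` range is typed `"versionType": "semver"`, and strict SemVer precedence compares an alphanumeric pre-release identifier such as `M2` lexically, so `11.0.0-M2` through `11.0.0-M9` sort above `11.0.0-M17` and fall outside the range, which would be a false negative for those milestones. This applies to both affected entries here and to the identical ranges in CVE-2024-24549.json. Whether it bites depends on the comparator the consumer actually uses; if it follows the declared type, consider `"versionType": "maven"` for these Maven-coordinate entries. It is also worth confirming that the matcher treats `M` and `m` alike now that the qualifier case has changed.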
54 changes: 45 additions & 9 deletions data/anchore/2024/CVE-2024-24549.json
Expand Up @@ -2,7 +2,6 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-24549",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://security.netapp.com/advisory/ntap-20240402-0002/",
Expand All @@ -14,32 +13,69 @@
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"packageName": "org.apache.tomcat.embed:tomcat-embed-core",
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
"cpe:2.3:a:org.apache.tomcat.embed:tomcat-embed-core:*:*:*:*:*:*:*:*"
],
"product": "Apache Tomcat Embed",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "11.0.0-M17",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThan": "10.1.19",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThan": "9.0.86",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThan": "8.5.99",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"packageName": "org.apache.tomcat:tomcat-coyote",
"cpes": [
"cpe:2.3:a:org.apache.tomcat:tomcat-coyote:*:*:*:*:*:*:*:*"
],
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-m16",
"lessThan": "11.0.0-M17",
"status": "affected",
"version": "11.0.0-m1",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.18",
"lessThan": "10.1.19",
"status": "affected",
"version": "10.1.0-m1",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.85",
"lessThan": "9.0.86",
"status": "affected",
"version": "9.0.0-m1",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.98",
"lessThan": "8.5.99",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
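Review bot: The `cpes` list of the first affected entry appears to lose `cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*` in favour of the Maven-coordinate CPE, and the second entry does not carry it either (the +/- markers are lost on this page, so this is inferred from the 9-deletion count). A consumer that identifies a standalone Tomcat install by the `apache:tomcat` CPE rather than by Maven package would then have nothing to match for this CVE. The CloudStack records in this commit keep both forms side by side, `"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",` followed by the `org.apache.cloudstack` one. Doing the same here, and in CVE-2024-23672.json and CVE-2024-31864.json, would preserve both matching paths.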
1 change: 1 addition & 0 deletions data/anchore/2024/CVE-2024-27138.json
Expand Up @@ -18,6 +18,7 @@
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
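Review bot: `"lessThanOrEqual": "*"` leaves the range that starts at `2.0.0` open-ended, which stays correct only while no fixed release exists; once one ships, every later version will still match as affected until someone revisits the record. Nothing visible in this hunk records why the bound is open. A `toDos` entry in `additionalMetadata`, as the CloudStack records in this commit use, would make the intent auditable, for example `"No fixed release known; replace the * upper bound when one is published."`. The same line is added in CVE-2024-27139.json and CVE-2024-27140.json, and the enclosing object continues outside the hunk.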
1 change: 1 addition & 0 deletions data/anchore/2024/CVE-2024-27139.json
Expand Up @@ -18,6 +18,7 @@
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
1 change: 1 addition & 0 deletions data/anchore/2024/CVE-2024-27140.json
Expand Up @@ -18,6 +18,7 @@
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
16 changes: 13 additions & 3 deletions data/anchore/2024/CVE-2024-29006.json
Expand Up @@ -2,35 +2,45 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-29006",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
],
"toDos": [
"org.apache.cloudstack:cloudstack is not available on maven central. It appears to only be oublished to GitHub package registry. It is unclear what the collectionURL should be for that."
]
},
"adp": {
"affected": [
{
"packageName": "org.apache.cloudstack:cloudstack",
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"cpe:2.3:a:org.apache.cloudstack:cloudstack:*:*:*:*:*:*:*:*"
],
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"lessThan": "4.18.1.1",
"status": "affected",
"version": "4.11.0.0",
"versionType": "semver"
},
{
"lessThan": "4.19.0.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "custom"
}
]
}
],
"references": [
{
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1"
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
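Review bot: The first range keeps `"versionType": "semver"` for four-component versions (`4.11.0.0`, `4.18.1.1`), which are not valid SemVer, while the range added beside it uses `"versionType": "custom"` for the same numbering scheme (`4.19.0.0`, `4.19.0.1`). A consumer that dispatches on the declared type may reject or mis-compare the first range, which risks leaving the 4.11 to 4.18 line unmatched. Use one type for both ranges, e.g. `"versionType": "custom"` on the first as well. CVE-2024-29008.json has the same mix.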
13 changes: 11 additions & 2 deletions data/anchore/2024/CVE-2024-29007.json
Expand Up @@ -2,17 +2,21 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-29007",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
],
"toDos": [
"org.apache.cloudstack:cloudstack is not available on maven central. It appears to only be oublished to GitHub package registry. It is unclear what the collectionURL should be for that."
]
},
"adp": {
"affected": [
{
"packageName": "org.apache.cloudstack:cloudstack",
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"cpe:2.3:a:org.apache.cloudstack:cloudstack:*:*:*:*:*:*:*:*"
],
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
Expand All @@ -31,6 +35,11 @@
]
}
],
"references": [
{
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1"
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
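Review bot: `"needsReview": true` appears to be dropped in the same change that adds a `toDos` entry saying the `collectionURL` is still unclear, and the affected entry gains `packageName` without a `collectionURL` (the +/- markers are lost on this page, so the removal is inferred from the two-deletion count). If `needsReview` is what queues a record for another pass, the open question may never be picked up, and a package name without its collection is ambiguous to consumers. Consider keeping `"needsReview": true,` until the to-do is resolved. The same applies to CVE-2024-29006.json and CVE-2024-29008.json, and the to-do text in all three has the typo "oublished".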
16 changes: 13 additions & 3 deletions data/anchore/2024/CVE-2024-29008.json
Expand Up @@ -2,35 +2,45 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-29008",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
],
"toDos": [
"org.apache.cloudstack:cloudstack is not available on maven central. It appears to only be oublished to GitHub package registry. It is unclear what the collectionURL should be for that."
]
},
"adp": {
"affected": [
{
"packageName": "org.apache.cloudstack:cloudstack",
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"cpe:2.3:a:org.apache.cloudstack:cloudstack:*:*:*:*:*:*:*:*"
],
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"lessThan": "4.18.1.1",
"status": "affected",
"version": "4.14.0.0",
"versionType": "semver"
},
{
"lessThan": "4.19.0.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "custom"
}
]
}
],
"references": [
{
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1"
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
5 changes: 2 additions & 3 deletions data/anchore/2024/CVE-2024-31309.json
Expand Up @@ -2,7 +2,6 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-31309",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"http://www.openwall.com/lists/oss-security/2024/04/03/16",
Expand All @@ -24,13 +23,13 @@
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "8.1.9",
"lessThan": "8.1.10",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.3",
"lessThan": "9.2.4",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
4 changes: 2 additions & 2 deletions data/anchore/2024/CVE-2024-31864.json
Expand Up @@ -2,7 +2,6 @@
"additionalMetadata": {
"cna": "apache",
"cveId": "CVE-2024-31864",
"needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"http://www.openwall.com/lists/oss-security/2024/04/09/8",
Expand All @@ -15,8 +14,9 @@
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"packageName": "org.apache.zeppelin:zeppelin-jdbc",
"cpes": [
"cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*"
"cpe:2.3:a:org.apache.zeppelin:zeppelin-jdbc:*:*:*:*:*:*:*:*"
],
"product": "Apache Zeppelin",
"vendor": "Apache Software Foundation",