enrich CVE-2024-20923 for openjfx

Signed-off-by: Weston Steimel <[email protected]>
anchore · May 29, 2024 · a721fde · a721fde
1 parent 35fd01c
commit a721fde
Showing 1 changed file with 129 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-20923.json b/data/anchore/2024/CVE-2024-20923.json
@@ -0,0 +1,129 @@
+{
+  "additionalMetadata": {
+    "cna": "oracle",
+    "cveId": "CVE-2024-20923",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://www.oracle.com/security-alerts/cpujan2024.html"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:oracle:graalvm_enterprise:*:*:*:*:*:*:*:*"
+        ],
+        "product": "GraalVM Enterprise",
+        "vendor": "Oracle Corporation",
+        "versions": [
+          {
+            "lessThanOrEqual": "20.3.12",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          },
+          {
+            "lessThanOrEqual": "21.3.8",
+            "status": "affected",
+            "version": "21-ea",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "cpes": [
+          "cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*"
+        ],
+        "product": "GraalVM for JDK",
+        "vendor": "Oracle Corporation",
+        "versions": [
+          {
+            "lessThanOrEqual": "17.0.9",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          },
+          {
+            "lessThanOrEqual": "21.0.1",
+            "status": "affected",
+            "version": "18-ea",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "cpes": [
+          "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Java SE",
+        "vendor": "Oracle Corporation",
+        "versions": [
+          {
+            "lessThanOrEqual": "1.8.0_391",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          },
+          {
+            "lessThanOrEqual": "8.0.391",
+            "status": "affected",
+            "version": "1.9-ea",
+            "versionType": "custom"
+          }
+        ]
+      },
+      {
+        "collectionURL": "https://repo.maven.apache.org/maven2",
+        "packageName": "org.openjfx:javafx-graphics",
+        "cpes": [
+          "cpe:2.3:a:oracle:openjfx:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:openjdk:jfx:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:org.openjfx:javafx-graphics:*:*:*:*:*:*:*:*"
+        ],
+        "repo": "https://github.com/openjdk/jfx",
+        "product": "OpenJFX",
+        "vendor": "Oracle Corporation",
+        "versions": [
+          {
+            "lessThan": "17.0.10",
+            "status": "affected",
+            "version": "0",
+            "versionType": "semver"
+          },
+          {
+            "lessThan": "21.0.2",
+            "status": "affected",
+            "version": "18-ea",
+            "versionType": "semver"
+          },
+          {
+            "lessThan": "22-ea+27",
+            "status": "affected",
+            "version": "22-ea",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://openjdk.org/groups/vulnerability/advisories/2024-01-16"
+      },
+      {
+        "url": "https://github.com/openjdk/jfx17u/commit/18206453163dec04f36f8787ce73624bb9ba6a7d"
+      },
+      {
+        "url": "https://github.com/openjdk/jfx21u/commit/0c00753da13ed696b1a5025ce01ff478ee7ebd0a"
+      },
+      {
+        "url": "https://github.com/openjdk/jfx/commit/0a52a4cf1d1226e7a3c6d73313fde02e7f36fb11"
+      }
+    ]
+  }
+}