Latest data: Wed Feb 28 08:05:28 UTC 2024

audits/dnsrobocert-requirements.audit.json

@@ -0,0 +1,126 @@
+[
+  {
+    "package": {
+      "name": "configobj",
+      "version": "5.0.8",
+      "ecosystem": "PyPI"
+    },
+    "dependency_groups": [
+      "dnsrobocert-requirements"
+    ],
+    "vulnerabilities": [
+      {
+        "modified": "2024-02-18T05:29:13Z",
+        "published": "2023-04-03T06:30:19Z",
+        "schema_version": "1.6.0",
+        "id": "GHSA-c33w-24p9-8m24",
+        "aliases": [
+          "CVE-2023-26112"
+        ],
+        "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file",
+        "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.",
+        "affected": [
+          {
+            "package": {
+              "ecosystem": "PyPI",
+              "name": "configobj",
+              "purl": "pkg:pypi/configobj"
+            },
+            "ranges": [
+              {
+                "type": "ECOSYSTEM",
+                "events": [
+                  {
+                    "introduced": "0"
+                  },
+                  {
+                    "last_affected": "5.0.8"
+                  }
+                ]
+              }
+            ],
+            "versions": [
+              "4.4.0",
+              "4.5.0",
+              "4.5.1",
+              "4.5.2",
+              "4.5.3",
+              "4.6.0",
+              "4.7.0",
+              "4.7.1",
+              "4.7.2",
+              "5.0.0",
+              "5.0.1",
+              "5.0.2",
+              "5.0.3",
+              "5.0.4",
+              "5.0.5",
+              "5.0.6",
+              "5.0.7",
+              "5.0.8"
+            ],
+            "database_specific": {
+              "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json"
+            }
+          }
+        ],
+        "severity": [
+          {
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+          }
+        ],
+        "references": [
+          {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112"
+          },
+          {
+            "type": "WEB",
+            "url": "https://github.com/DiffSK/configobj/issues/232"
+          },
+          {
+            "type": "PACKAGE",
+            "url": "https://github.com/DiffSK/configobj"
+          },
+          {
+            "type": "WEB",
+            "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN"
+          },
+          {
+            "type": "WEB",
+            "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK"
+          },
+          {
+            "type": "WEB",
+            "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK"
+          },
+          {
+            "type": "WEB",
+            "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494"
+          }
+        ],
+        "database_specific": {
+          "cwe_ids": [
+            "CWE-1333"
+          ],
+          "github_reviewed": true,
+          "github_reviewed_at": "2023-04-04T21:40:45Z",
+          "nvd_published_at": "2023-04-03T05:15:00Z",
+          "severity": "LOW"
+        }
+      }
+    ],
+    "groups": [
+      {
+        "ids": [
+          "GHSA-c33w-24p9-8m24"
+        ],
+        "aliases": [
+          "CVE-2023-26112",
+          "GHSA-c33w-24p9-8m24"
+        ]
+      }
+    ]
+  }
+]