Publish Advisories

GHSA-2697-96mv-3gfm GHSA-4fwj-m62q-pp47 GHSA-7rm3-4w6j-8xx4 GHSA-8jhw-6pjj-8723 GHSA-9wmc-988h-2mv2 GHSA-ggwq-xc72-33r3 GHSA-w95c-7994-ghpr
github · Dec 30, 2024 · e367ce3 · e367ce3
1 parent 2827437
commit e367ce3
Show file tree

Hide file tree

Showing 7 changed files with 53 additions and 14 deletions.
diff --git a/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json b/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2697-96mv-3gfm",
-  "modified": "2024-12-30T18:06:11Z",
+  "modified": "2024-12-30T18:45:26Z",
   "published": "2024-12-30T15:31:59Z",
   "aliases": [
     "CVE-2024-50701"
   ],
   "summary": "TeamPass does not properly check whether a folder is in a user's allowed folders list",
   "details": "TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
@@ -59,6 +63,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-266",
       "CWE-285"
     ],
     "severity": "MODERATE",

diff --git a/advisories/github-reviewed/2024/12/GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json b/advisories/github-reviewed/2024/12/GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4fwj-m62q-pp47",
-  "modified": "2024-12-30T16:46:43Z",
+  "modified": "2024-12-30T18:45:09Z",
   "published": "2024-12-30T16:46:43Z",
   "aliases": [
     "CVE-2024-56733"
@@ -40,16 +40,22 @@
       "type": "WEB",
       "url": "https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-4fwj-m62q-pp47"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56733"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/pglombardo/PasswordPusher"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-384"
+    ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-12-30T16:46:43Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-12-30T17:15:09Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json b/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7rm3-4w6j-8xx4",
-  "modified": "2024-12-30T18:06:25Z",
+  "modified": "2024-12-30T18:45:33Z",
   "published": "2024-12-30T15:31:59Z",
   "aliases": [
     "CVE-2024-50702"
   ],
   "summary": "TeamPass mail_me operation authorization issue",
   "details": "TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
@@ -59,6 +63,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-266",
       "CWE-285"
     ],
     "severity": "MODERATE",

diff --git a/advisories/github-reviewed/2024/12/GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json b/advisories/github-reviewed/2024/12/GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8jhw-6pjj-8723",
-  "modified": "2024-12-30T16:49:12Z",
+  "modified": "2024-12-30T18:45:17Z",
   "published": "2024-12-30T16:49:12Z",
   "aliases": [
     "CVE-2024-56734"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-8jhw-6pjj-8723"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56734"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/better-auth/better-auth/commit/deb3d73aea90d0468d92723f4511542b593e522f"
@@ -56,6 +60,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2024-12-30T16:49:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-12-30T17:15:10Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json b/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9wmc-988h-2mv2",
-  "modified": "2024-12-30T18:06:34Z",
+  "modified": "2024-12-30T18:45:42Z",
   "published": "2024-12-30T15:31:59Z",
   "aliases": [
     "CVE-2024-50703"
   ],
   "summary": "TeamPass privileges issue",
   "details": "TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -59,6 +63,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-472",
       "CWE-639"
     ],
     "severity": "CRITICAL",

diff --git a/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json b/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ggwq-xc72-33r3",
-  "modified": "2024-12-30T16:49:28Z",
+  "modified": "2024-12-30T18:44:58Z",
   "published": "2024-12-30T16:49:28Z",
   "aliases": [
     "CVE-2024-56517"
@@ -40,13 +40,21 @@
       "type": "WEB",
       "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56517"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/tltneon/lgsl/commit/7ecb839df9358d21f64cdbff5b2536af25a77de1"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/tltneon/lgsl"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24"
     }
   ],
   "database_specific": {
@@ -56,6 +64,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-12-30T16:49:28Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-12-30T17:15:09Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json b/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w95c-7994-ghpr",
-  "modified": "2024-12-27T21:07:22Z",
+  "modified": "2024-12-30T18:44:43Z",
   "published": "2024-12-27T06:30:48Z",
   "aliases": [
     "CVE-2024-56522"
   ],
   "summary": "TCPDF has incorrect comparison",
   "details": "An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -58,9 +63,10 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-697"
+      "CWE-697",
+      "CWE-843"
     ],
-    "severity": "MODERATE",
+    "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2024-12-27T21:07:22Z",
     "nvd_published_at": "2024-12-27T05:15:08Z"