From e367ce3a96291a96e503b013034a857ad2298b96 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Mon, 30 Dec 2024 18:46:37 +0000
Subject: [PATCH] Publish Advisories GHSA-2697-96mv-3gfm GHSA-4fwj-m62q-pp47 GHSA-7rm3-4w6j-8xx4 GHSA-8jhw-6pjj-8723 GHSA-9wmc-988h-2mv2 GHSA-ggwq-xc72-33r3 GHSA-w95c-7994-ghpr
---
 .../GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json | 7 ++++++-
 .../GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json | 12 +++++++++---
 .../GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json | 7 ++++++-
 .../GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json | 8 ++++++--
 .../GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json | 7 ++++++-
 .../GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json | 12 ++++++++++--
 .../GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json | 14 ++++++++++----
 7 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json b/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json
index 44c7ab4850191..c2cb86adb88d6 100644
--- a/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json
+++ b/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2697-96mv-3gfm",
- "modified": "2024-12-30T18:06:11Z",
+ "modified": "2024-12-30T18:45:26Z",
 "published": "2024-12-30T15:31:59Z",
 "aliases": [
 "CVE-2024-50701"
@@ -9,6 +9,10 @@
 "summary": "TeamPass does not properly check whether a folder is in a user's allowed folders list",
 "details": "TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
@@ -59,6 +63,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-266",
 "CWE-285"
 ],
 "severity": "MODERATE",
diff --git a/advisories/github-reviewed/2024/12/GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json b/advisories/github-reviewed/2024/12/GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json
index 1c6903d4ca3f9..43c5dba797d35 100644
--- a/advisories/github-reviewed/2024/12/GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json
+++ b/advisories/github-reviewed/2024/12/GHSA-4fwj-m62q-pp47/GHSA-4fwj-m62q-pp47.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4fwj-m62q-pp47",
- "modified": "2024-12-30T16:46:43Z",
+ "modified": "2024-12-30T18:45:09Z",
 "published": "2024-12-30T16:46:43Z",
 "aliases": [
 "CVE-2024-56733"
@@ -40,16 +40,22 @@
 "type": "WEB",
 "url": "https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-4fwj-m62q-pp47"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56733"
+ },
 {
 "type": "PACKAGE",
 "url": "https://github.com/pglombardo/PasswordPusher"
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-384"
+ ],
 "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2024-12-30T16:46:43Z",
- "nvd_published_at": null
+ "nvd_published_at": "2024-12-30T17:15:09Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json b/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json
index 434114bfe2bf3..87b799ebfe977 100644
--- a/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json
+++ b/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-7rm3-4w6j-8xx4",
- "modified": "2024-12-30T18:06:25Z",
+ "modified": "2024-12-30T18:45:33Z",
 "published": "2024-12-30T15:31:59Z",
 "aliases": [
 "CVE-2024-50702"
@@ -9,6 +9,10 @@
 "summary": "TeamPass mail_me operation authorization issue",
 "details": "TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
@@ -59,6 +63,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-266",
 "CWE-285"
 ],
 "severity": "MODERATE",
diff --git a/advisories/github-reviewed/2024/12/GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json b/advisories/github-reviewed/2024/12/GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json
index ea4cd041f8cbe..4bc99df8797e6 100644
--- a/advisories/github-reviewed/2024/12/GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json
+++ b/advisories/github-reviewed/2024/12/GHSA-8jhw-6pjj-8723/GHSA-8jhw-6pjj-8723.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8jhw-6pjj-8723",
- "modified": "2024-12-30T16:49:12Z",
+ "modified": "2024-12-30T18:45:17Z",
 "published": "2024-12-30T16:49:12Z",
 "aliases": [
 "CVE-2024-56734"
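Review bot: The `CVSS_V3` entry added to `severity` in GHSA-7rm3-4w6j-8xx4 rates confidentiality impact as `C:L`, while the `CVSS_V4` entry kept beside it says `VC:N`, so the two vectors describe different impacts for the same flaw. The GHSA-9wmc-988h-2mv2 severity hunk diverges further: the new V3 vector is `PR:L/.../C:L/I:L`, whereas the retained V4 vector is `PR:N/.../VC:H/VI:H` and `database_specific.severity` stays `CRITICAL`. Which vector is correct cannot be determined from these hunks. Tooling that ranks by the V3 score will likely triage these advisories lower than tooling that reads V4 or the severity label. The vectors should be reconciled at the source, and consumers should pin which field they treat as authoritative.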
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-8jhw-6pjj-8723"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56734"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/better-auth/better-auth/commit/deb3d73aea90d0468d92723f4511542b593e522f"
@@ -56,6 +60,6 @@
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2024-12-30T16:49:12Z",
- "nvd_published_at": null
+ "nvd_published_at": "2024-12-30T17:15:10Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json b/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json
index c23fbec970bc2..791e41bd66c47 100644
--- a/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json
+++ b/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9wmc-988h-2mv2",
- "modified": "2024-12-30T18:06:34Z",
+ "modified": "2024-12-30T18:45:42Z",
 "published": "2024-12-30T15:31:59Z",
 "aliases": [
 "CVE-2024-50703"
@@ -9,6 +9,10 @@
 "summary": "TeamPass privileges issue",
 "details": "TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -59,6 +63,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-472",
 "CWE-639"
 ],
 "severity": "CRITICAL",
diff --git a/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json b/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json
index aecf84caebf84..448a7fe0f88e9 100644
--- a/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json
+++ b/advisories/github-reviewed/2024/12/GHSA-ggwq-xc72-33r3/GHSA-ggwq-xc72-33r3.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-ggwq-xc72-33r3",
- "modified": "2024-12-30T16:49:28Z",
+ "modified": "2024-12-30T18:44:58Z",
 "published": "2024-12-30T16:49:28Z",
 "aliases": [
 "CVE-2024-56517"
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56517"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/tltneon/lgsl/commit/7ecb839df9358d21f64cdbff5b2536af25a77de1"
@@ -47,6 +51,10 @@
 {
 "type": "PACKAGE",
 "url": "https://github.com/tltneon/lgsl"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24"
 }
 ],
 "database_specific": {
@@ -56,6 +64,6 @@
 "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2024-12-30T16:49:28Z",
- "nvd_published_at": null
+ "nvd_published_at": "2024-12-30T17:15:09Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json b/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
index 656aae29f7e70..ac97315a2b485 100644
--- a/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
+++ b/advisories/github-reviewed/2024/12/GHSA-w95c-7994-ghpr/GHSA-w95c-7994-ghpr.json
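Review bot: The reference added in the GHSA-ggwq-xc72-33r3 `references` hunk, `https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24`, points at the moving `master` branch with a line anchor, so it stops showing the affected lines as soon as that file changes. The fix commit listed in the same array has presumably already changed it. Pin the link to the revision that contains the affected code, for example `https://github.com/tltneon/lgsl/blob/<VULNERABLE_COMMIT_SHA>/lgsl_files/lgsl_list.php#L20-L24`, with the placeholder replaced by the real commit id. The `references` array starts outside this hunk.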
@@ -1,14 +1,19 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-w95c-7994-ghpr",
- "modified": "2024-12-27T21:07:22Z",
+ "modified": "2024-12-30T18:44:43Z",
 "published": "2024-12-27T06:30:48Z",
 "aliases": [
 "CVE-2024-56522"
 ],
 "summary": "TCPDF has incorrect comparison",
 "details": "An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
 "affected": [
 {
 "package": {
@@ -58,9 +63,10 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-697"
+ "CWE-697",
+ "CWE-843"
 ],
- "severity": "MODERATE",
+ "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2024-12-27T21:07:22Z",
 "nvd_published_at": "2024-12-27T05:15:08Z"