Back-fill and add 'modified' date

pypa · Nov 25, 2024 · ab5bd11 · ab5bd11
1 parent f3d3239
commit ab5bd11
Show file tree

Hide file tree

Showing 69 changed files with 339 additions and 4,446 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -4,4 +4,4 @@ repos:
   hooks:
   - id: check-jsonschema
     files: "^vulns/[a-z0-9_-]+/.+\\.yaml"
-    args: [--schemafile, "https://raw.githubusercontent.com/ossf/osv-schema/refs/tags/v1.6.7/validation/schema.json", --no-cache]
+    args: [--schemafile, "./.github/osv-schema.json"]
diff --git a/vulns/ansible-runner/PYSEC-2022-43067.yaml b/vulns/ansible-runner/PYSEC-2022-43067.yaml
@@ -5,74 +5,28 @@ affected:
     purl: pkg:pypi/ansible-runner
   ranges:
   - events:
-    - introduced: '0'
+    - introduced: 2.0.0
+    - fixed: 2.1.0
     type: ECOSYSTEM
   versions:
-  - 1.0.1
-  - 1.0.2
-  - 1.0.3
-  - 1.0.4
-  - 1.0.5
-  - 1.1.0
-  - 1.1.1
-  - 1.1.2
-  - 1.2.0
-  - 1.3.0
-  - 1.3.1
-  - 1.3.2
-  - 1.3.3
-  - 1.3.4
-  - 1.4.0
-  - 1.4.1
-  - 1.4.2
-  - 1.4.4
-  - 1.4.5
-  - 1.4.6
-  - 1.4.7
-  - 1.4.8
-  - 1.4.9
   - 2.0.0
-  - 2.0.0.0a5
-  - 2.0.0.0b1
-  - 2.0.0.0rc1
-  - 2.0.0.0rc2
-  - 2.0.0.0rc3
-  - 2.0.0a1
-  - 2.0.0a2
-  - 2.0.0a3
-  - 2.0.0a4
   - 2.0.1
   - 2.0.2
   - 2.0.3
   - 2.0.4
-  - 2.1.0
   - 2.1.0.0a1
   - 2.1.0.0a2
   - 2.1.0.0b1
-  - 2.1.1
-  - 2.1.2
-  - 2.1.3
-  - 2.1.4
-  - 2.2.0
-  - 2.2.1
-  - 2.2.2
-  - 2.3.0
-  - 2.3.1
-  - 2.3.2
-  - 2.3.3
-  - 2.3.4
-  - 2.3.5
-  - 2.3.6
-  - 2.4.0
 aliases:
 - CVE-2021-3701
+- GHSA-wwch-cmqr-hhrm
 details: A flaw was found in ansible-runner where the default temporary files configuration
   in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker
   to pre-create the directory, resulting in reading private information or forcing
   ansible-runner to write files as the legitimate user in a place they did not expect.
   The highest threat from this vulnerability is to confidentiality and integrity.
 id: PYSEC-2022-43067
-modified: '2024-11-21T14:22:40.36338Z'
+modified: '2024-11-25T18:33:04.123836Z'
 published: '2022-08-23T16:15:00Z'
 references:
 - type: ADVISORY
@@ -92,4 +46,3 @@ references:
 severity:
 - score: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
   type: CVSS_V3
-withdrawn: '2024-11-22T04:37:03Z'
diff --git a/vulns/ansible-runner/PYSEC-2022-43068.yaml b/vulns/ansible-runner/PYSEC-2022-43068.yaml
@@ -5,74 +5,28 @@ affected:
     purl: pkg:pypi/ansible-runner
   ranges:
   - events:
-    - introduced: '0'
+    - introduced: 2.0.0
+    - fixed: 2.1.0
     type: ECOSYSTEM
   versions:
-  - 1.0.1
-  - 1.0.2
-  - 1.0.3
-  - 1.0.4
-  - 1.0.5
-  - 1.1.0
-  - 1.1.1
-  - 1.1.2
-  - 1.2.0
-  - 1.3.0
-  - 1.3.1
-  - 1.3.2
-  - 1.3.3
-  - 1.3.4
-  - 1.4.0
-  - 1.4.1
-  - 1.4.2
-  - 1.4.4
-  - 1.4.5
-  - 1.4.6
-  - 1.4.7
-  - 1.4.8
-  - 1.4.9
   - 2.0.0
-  - 2.0.0.0a5
-  - 2.0.0.0b1
-  - 2.0.0.0rc1
-  - 2.0.0.0rc2
-  - 2.0.0.0rc3
-  - 2.0.0a1
-  - 2.0.0a2
-  - 2.0.0a3
-  - 2.0.0a4
   - 2.0.1
   - 2.0.2
   - 2.0.3
   - 2.0.4
-  - 2.1.0
   - 2.1.0.0a1
   - 2.1.0.0a2
   - 2.1.0.0b1
-  - 2.1.1
-  - 2.1.2
-  - 2.1.3
-  - 2.1.4
-  - 2.2.0
-  - 2.2.1
-  - 2.2.2
-  - 2.3.0
-  - 2.3.1
-  - 2.3.2
-  - 2.3.3
-  - 2.3.4
-  - 2.3.5
-  - 2.3.6
-  - 2.4.0
 aliases:
 - CVE-2021-3702
+- GHSA-772j-xvf9-qpf5
 details: A race condition flaw was found in ansible-runner, where an attacker could
   watch for rapid creation and deletion of a temporary directory, substitute their
   directory at that name, and then have access to ansible-runner's private_data_dir
   the next time ansible-runner made use of the private_data_dir. The highest Threat
   out of this flaw is to integrity and confidentiality.
 id: PYSEC-2022-43068
-modified: '2024-11-21T14:22:40.419413Z'
+modified: '2024-11-25T18:33:04.123836Z'
 published: '2022-08-23T16:15:00Z'
 references:
 - type: REPORT
@@ -90,4 +44,3 @@ references:
 severity:
 - score: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
   type: CVSS_V3
-withdrawn: '2024-11-22T04:37:03Z'
diff --git a/vulns/apache-iotdb/PYSEC-2022-43069.yaml b/vulns/apache-iotdb/PYSEC-2022-43069.yaml
@@ -2,53 +2,17 @@ affected:
 - package:
     ecosystem: PyPI
     name: apache-iotdb
-    purl: pkg:pypi/apache-iotdb
   ranges:
   - events:
     - introduced: '0'
+    - fixed: 0.13.1
     type: ECOSYSTEM
-  versions:
-  - 0.10.0
-  - 0.10.1
-  - 0.11.0
-  - 0.11.1
-  - 0.11.2
-  - 0.11.3
-  - 0.11.4
-  - 0.12.0
-  - 0.12.1
-  - 0.12.2
-  - 0.12.3
-  - 0.12.4
-  - 0.12.5
-  - 0.12.6
-  - 0.13.0
-  - 0.13.0.post1
-  - 0.13.1
-  - 0.13.2
-  - 0.13.3
-  - 0.13.5
-  - 0.13.5.1
-  - 0.14.0rc1
-  - 0.9.0
-  - 0.9.2
-  - 0.9.3
-  - 1.0.0
-  - 1.0.1
-  - 1.1.0
-  - 1.1.2
-  - 1.2.0
-  - 1.2.1
-  - 1.3.0
-  - 1.3.2
-  - 1.3.2.post0
-  - 1.3.3
 aliases:
 - CVE-2022-38369
 details: Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should
   upgrade to version 0.13.1 which addresses this issue.
 id: PYSEC-2022-43069
-modified: '2024-11-21T14:22:40.851901Z'
+modified: '2024-11-25T18:33:04.123836Z'
 published: '2022-09-05T10:15:00Z'
 references:
 - type: ARTICLE
@@ -62,4 +26,3 @@ references:
 severity:
 - score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   type: CVSS_V3
-withdrawn: '2024-11-22T04:37:03Z'
diff --git a/vulns/api-res-py/PYSEC-2022-43071.yaml b/vulns/api-res-py/PYSEC-2022-43071.yaml
@@ -2,19 +2,17 @@ affected:
 - package:
     ecosystem: PyPI
     name: api-res-py
-    purl: pkg:pypi/api-res-py
   ranges:
   - events:
     - introduced: '0'
+    - last_affected: '0.1'
     type: ECOSYSTEM
-  versions:
-  - '0.1'
 aliases:
 - CVE-2022-31313
 details: api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor
   in the request package.
 id: PYSEC-2022-43071
-modified: '2024-11-21T14:22:40.957734Z'
+modified: '2024-11-25T18:33:04.123836Z'
 published: '2022-06-08T20:15:00Z'
 references:
 - type: REPORT
@@ -26,4 +24,3 @@ references:
 severity:
 - score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   type: CVSS_V3
-withdrawn: '2024-11-22T04:37:03Z'
diff --git a/vulns/chia-blockchain/PYSEC-2022-43072.yaml b/vulns/chia-blockchain/PYSEC-2022-43072.yaml
@@ -6,6 +6,7 @@ affected:
   ranges:
   - events:
     - introduced: '0'
+    - last_affected: 2.4.4rc3
     type: ECOSYSTEM
   versions:
   - '0.1'
@@ -190,12 +191,12 @@ affected:
   - 2.4.3rc1
   - 2.4.3rc2
   - 2.4.3rc3
-  - 2.4.4
   - 2.4.4rc1
   - 2.4.4rc2
   - 2.4.4rc3
 aliases:
 - CVE-2022-36447
+- GHSA-pvjg-jwp3-mrj5
 details: An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously
   minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated
   to an arbitrary extent by any holder of any amount of the token. The total amount
@@ -204,7 +205,7 @@ details: An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0.
   is auditable on chain, so maliciously altered coins can potentially be marked by
   off-chain observers as malicious.
 id: PYSEC-2022-43072
-modified: '2024-11-21T14:22:41.861085Z'
+modified: '2024-11-25T18:33:04.123836Z'
 published: '2022-07-29T21:15:00Z'
 references:
 - type: ADVISORY
@@ -214,4 +215,3 @@ references:
 severity:
 - score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
   type: CVSS_V3
-withdrawn: '2024-11-22T04:37:03Z'