Assign IDs

vulns/.id-allocator

@@ -1 +1 @@
-1181a46a10cf52aa16e800ab7fa284499f217e56746dcd0286f1cf1235cfcdca
+d7bbd31882049b2059396968d6f9fb56de08d03f6be1aeba5525b6ed9d9193df

vulns/apache-airflow/PYSEC-0000-CVE-2022-43982.yaml → vulns/apache-airflow/PYSEC-2022-42970.yaml

@@ -1,21 +1,6 @@
-id: PYSEC-0000-CVE-2022-43982
+id: PYSEC-2022-42970
 details: In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config"
   screen was susceptible to XSS attacks via the `origin` query argument.
-aliases:
-- CVE-2022-43982
-modified: '2022-11-07T01:10:28.198195Z'
-published: '2022-11-02T12:15:00Z'
-references:
-- type: REPORT
-  url: https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
-- type: ARTICLE
-  url: https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
-- type: ADVISORY
-  url: https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
-- type: REPORT
-  url: https://github.com/apache/airflow/pull/27143
-- type: WEB
-  url: https://github.com/apache/airflow/pull/27143
 affected:
 - package:
     name: apache-airflow
@@ -24,7 +9,7 @@ affected:
   ranges:
   - type: ECOSYSTEM
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 2.4.2
   versions:
   - 1.10.0
@@ -152,3 +137,18 @@ affected:
   - 2.4.1
   - 2.4.1rc1
   - 2.4.2rc1
+references:
+- type: REPORT
+  url: https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
+- type: ARTICLE
+  url: https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
+- type: ADVISORY
+  url: https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
+- type: REPORT
+  url: https://github.com/apache/airflow/pull/27143
+- type: WEB
+  url: https://github.com/apache/airflow/pull/27143
+aliases:
+- CVE-2022-43982
+modified: "2022-11-07T01:10:28.198195Z"
+published: "2022-11-02T12:15:00Z"

vulns/apache-airflow/PYSEC-0000-CVE-2022-43985.yaml → vulns/apache-airflow/PYSEC-2022-42971.yaml

@@ -1,23 +1,6 @@
-id: PYSEC-0000-CVE-2022-43985
+id: PYSEC-2022-42971
 details: In Apache Airflow versions prior to 2.4.2, there was an open redirect in
   the webserver's `/confirm` endpoint.
-aliases:
-- CVE-2022-43985
-modified: '2022-11-07T01:10:28.239756Z'
-published: '2022-11-02T12:15:00Z'
-references:
-- type: REPORT
-  url: https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
-- type: ARTICLE
-  url: https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
-- type: ADVISORY
-  url: https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
-- type: REPORT
-  url: https://github.com/apache/airflow/pull/27143
-- type: FIX
-  url: https://github.com/apache/airflow/pull/27143
-- type: WEB
-  url: https://github.com/apache/airflow/pull/27143
 affected:
 - package:
     name: apache-airflow
@@ -26,7 +9,7 @@ affected:
   ranges:
   - type: ECOSYSTEM
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 2.4.2
   versions:
   - 1.10.0
@@ -154,3 +137,20 @@ affected:
   - 2.4.1
   - 2.4.1rc1
   - 2.4.2rc1
+references:
+- type: REPORT
+  url: https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
+- type: ARTICLE
+  url: https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
+- type: ADVISORY
+  url: https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
+- type: REPORT
+  url: https://github.com/apache/airflow/pull/27143
+- type: FIX
+  url: https://github.com/apache/airflow/pull/27143
+- type: WEB
+  url: https://github.com/apache/airflow/pull/27143
+aliases:
+- CVE-2022-43985
+modified: "2022-11-07T01:10:28.239756Z"
+published: "2022-11-02T12:15:00Z"

vulns/apache-iotdb/PYSEC-0000-CVE-2022-43766.yaml → vulns/apache-iotdb/PYSEC-2022-42972.yaml

@@ -1,17 +1,8 @@
-id: PYSEC-0000-CVE-2022-43766
+id: PYSEC-2022-42972
 details: Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to
   a Denial of Service attack when accepting untrusted patterns for REGEXP queries
   with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a
   later version of Java to avoid it.
-aliases:
-- CVE-2022-43766
-modified: '2022-11-07T01:10:28.383734Z'
-published: '2022-10-26T16:15:00Z'
-references:
-- type: ARTICLE
-  url: https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn
-- type: ADVISORY
-  url: https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn
 affected:
 - package:
     name: apache-iotdb
@@ -30,3 +21,12 @@ affected:
   - 0.12.4
   - 0.12.5
   - 0.12.6
+references:
+- type: ARTICLE
+  url: https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn
+- type: ADVISORY
+  url: https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn
+aliases:
+- CVE-2022-43766
+modified: "2022-11-07T01:10:28.383734Z"
+published: "2022-10-26T16:15:00Z"

vulns/flower/PYSEC-0000-CVE-2022-30034.yaml → vulns/flower/PYSEC-2022-42973.yaml

@@ -1,4 +1,4 @@
-id: PYSEC-0000-CVE-2022-30034
+id: PYSEC-2022-42973
 details: Flower, a web UI for the Celery Python RPC framework, all versions as of
   05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then
   access the Flower API to discover and invoke arbitrary Celery RPC calls or deny

vulns/jupyter-core/PYSEC-0000-CVE-2022-39286.yaml → vulns/jupyter-core/PYSEC-2022-42974.yaml

@@ -1,19 +1,9 @@
-id: PYSEC-0000-CVE-2022-39286
+id: PYSEC-2022-42974
 details: Jupyter Core is a package for the core common functionality of Jupyter projects.
   Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability
   in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD.
   This vulnerability allows one user to run code as another. Version 4.11.2 contains
   a patch for this issue. There are no known workarounds.
-aliases:
-- CVE-2022-39286
-- GHSA-m678-f26j-3hrp
-modified: '2022-11-07T01:10:28.819496Z'
-published: '2022-10-26T20:15:00Z'
-references:
-- type: FIX
-  url: https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283
-- type: ADVISORY
-  url: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
 affected:
 - package:
     name: jupyter-core
@@ -23,11 +13,11 @@ affected:
   - type: GIT
     repo: https://github.com/jupyter/jupyter_core
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 1118c8ce01800cb689d51f655f5ccef19516e283
   - type: ECOSYSTEM
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 5.0.0rc0
   versions:
   - 4.0.0
@@ -67,3 +57,13 @@ affected:
   - 4.9.1
   - 4.9.1rc0
   - 4.9.2
+references:
+- type: FIX
+  url: https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283
+- type: ADVISORY
+  url: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
+aliases:
+- CVE-2022-39286
+- GHSA-m678-f26j-3hrp
+modified: "2022-11-07T01:10:28.819496Z"
+published: "2022-10-26T20:15:00Z"

vulns/octoprint/PYSEC-0000-CVE-2022-3607.yaml → vulns/octoprint/PYSEC-2022-42975.yaml

@@ -1,4 +1,4 @@
-id: PYSEC-0000-CVE-2022-3607
+id: PYSEC-2022-42975
 details: Failure to Sanitize Special Elements into a Different Plane (Special Element
   Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
 affected:

vulns/pyspark/PYSEC-0000-CVE-2022-31777.yaml → vulns/pyspark/PYSEC-2022-42976.yaml

@@ -1,17 +1,8 @@
-id: PYSEC-0000-CVE-2022-31777
+id: PYSEC-2022-42976
 details: A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and
   earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the
   web browser of a user, by including a malicious payload into the logs which would
   be returned in logs rendered in the UI.
-aliases:
-- CVE-2022-31777
-modified: '2022-11-07T01:10:29.334199Z'
-published: '2022-11-01T16:15:00Z'
-references:
-- type: ARTICLE
-  url: https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
-- type: WEB
-  url: https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
 affected:
 - package:
     name: pyspark
@@ -20,7 +11,7 @@ affected:
   ranges:
   - type: ECOSYSTEM
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 3.2.2
   versions:
   - 2.1.1
@@ -53,3 +44,12 @@ affected:
   - 3.1.3
   - 3.2.0
   - 3.2.1
+references:
+- type: ARTICLE
+  url: https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
+- type: WEB
+  url: https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
+aliases:
+- CVE-2022-31777
+modified: "2022-11-07T01:10:29.334199Z"
+published: "2022-11-01T16:15:00Z"

vulns/rdiffweb/PYSEC-0000-CVE-2022-3327.yaml → vulns/rdiffweb/PYSEC-2022-42977.yaml

@@ -1,15 +1,6 @@
-id: PYSEC-0000-CVE-2022-3327
+id: PYSEC-2022-42977
 details: Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb
   prior to 2.5.0a6.
-aliases:
-- CVE-2022-3327
-modified: '2022-11-07T01:10:29.482920Z'
-published: '2022-10-20T00:15:00Z'
-references:
-- type: FIX
-  url: https://github.com/ikus060/rdiffweb/commit/f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
-- type: WEB
-  url: https://huntr.dev/bounties/02207c8f-2b15-4a31-a86a-74fd2fca0ed1
 affected:
 - package:
     name: rdiffweb
@@ -19,11 +10,11 @@ affected:
   - type: GIT
     repo: https://github.com/ikus060/rdiffweb
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
   - type: ECOSYSTEM
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 2.4.10
   versions:
   - 0.10.0
@@ -109,3 +100,12 @@ affected:
   - 2.4.7
   - 2.4.8
   - 2.4.9
+references:
+- type: FIX
+  url: https://github.com/ikus060/rdiffweb/commit/f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
+- type: WEB
+  url: https://huntr.dev/bounties/02207c8f-2b15-4a31-a86a-74fd2fca0ed1
+aliases:
+- CVE-2022-3327
+modified: "2022-11-07T01:10:29.482920Z"
+published: "2022-10-20T00:15:00Z"