Skip to content

Commit ef87364

Browse files
advisory-database[bot]advisory-database[bot]
authored
Merge pull request #6088 from github/uiolee-GHSA-x2jc-989c-47q4 
2 parents e1f3663 + 21def0e commit ef87364

File tree

1 file changed

+33
-5
lines changed

1 file changed

+33
-5
lines changed

advisories/unreviewed/2023/09/GHSA-x2jc-989c-47q4/GHSA-x2jc-989c-47q4.json

Lines changed: 33 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,43 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-x2jc-989c-47q4",
4-
"modified": "2024-04-04T07:34:09Z",
4+
"modified": "2024-09-26T21:31:10Z",
55
"published": "2023-09-08T15:30:18Z",
66
"aliases": [
77
"CVE-2023-39584"
88
],
9-
"details": "Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.",
9+
"summary": "hexo \"include_code\" path traversal",
10+
"details": "Hexo up to v7.1.1 was discovered to contain an arbitrary file read vulnerability.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
13-
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "hexo"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "7.2.0"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 7.1.1"
38+
}
1439
}
1540
],
16-
"affected": [],
1741
"references": [
1842
{
1943
"type": "ADVISORY",
@@ -27,6 +51,10 @@
2751
"type": "WEB",
2852
"url": "https://github.com/hexojs/hexo/blob/a3e68e7576d279db22bd7481914286104e867834/lib/plugins/tag/include_code.js#L49"
2953
},
54+
{
55+
"type": "PACKAGE",
56+
"url": "https://github.com/hexojs/hexo/blob/cefee921153ba597316457f4fedf7b87b6516917/lib/plugins/tag/include_code.ts#L50"
57+
},
3058
{
3159
"type": "WEB",
3260
"url": "https://www.gem-love.com/2023/07/25/hexo%E5%8D%9A%E5%AE%A2%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%92%8C%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/#undefined"
@@ -36,7 +64,7 @@
3664
"cwe_ids": [
3765
"CWE-22"
3866
],
39-
"severity": "HIGH",
67+
"severity": "LOW",
4068
"github_reviewed": false,
4169
"github_reviewed_at": null,
4270
"nvd_published_at": "2023-09-08T13:15:07Z"

0 commit comments

Comments
 (0)