diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23730.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23730.json
new file mode 100644
index 00000000000..160e8028c92
--- /dev/null
+++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23730.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2024-23730",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-21T17:15:44.373",
+ "lastModified": "2024-01-21T17:15:44.373",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/run-llama/llama-hub/blob/v0.0.67/CHANGELOG.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/run-llama/llama-hub/pull/841/commits/9dc9c21a5c6d0226d1d2101c3121d4f085743d52",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/run-llama/llama-hub/releases/tag/v0.0.67",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23731.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23731.json
new file mode 100644
index 00000000000..ea5cdc216be
--- /dev/null
+++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23731.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23731",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-21T17:15:44.443",
+ "lastModified": "2024-01-21T17:15:44.443",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/embedchain/embedchain/compare/0.1.56...0.1.57",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/embedchain/embedchain/pull/1122",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json
new file mode 100644
index 00000000000..de84a581bb5
--- /dev/null
+++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23732",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-21T17:15:44.497",
+ "lastModified": "2024-01-21T17:15:44.497",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/embedchain/embedchain/compare/0.1.56...0.1.57",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/embedchain/embedchain/pull/1122",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 9f3d702bdef..be693ce617f 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-21T13:00:24.281365+00:00 +2024-01-21T19:00:24.465901+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-21T12:15:07.993000+00:00 +2024-01-21T17:15:44.497000+00:00 ``` ### Last Data Feed Release
@@ -29,20 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236473 +236476 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `3` +* [CVE-2024-23730](CVE-2024/CVE-2024-237xx/CVE-2024-23730.json) (`2024-01-21T17:15:44.373`) +* [CVE-2024-23731](CVE-2024/CVE-2024-237xx/CVE-2024-23731.json) (`2024-01-21T17:15:44.443`) +* [CVE-2024-23732](CVE-2024/CVE-2024-237xx/CVE-2024-23732.json) (`2024-01-21T17:15:44.497`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-21T12:15:07.993`) ## Download and Usage