Assign IDs

vulns/.id-allocator

@@ -1 +1 @@
-68eaf5059ce6946d2752f5b18ae4d9bc0f9ffe8654234b8ae1581f43116b8a61
+ef3e928de5b854c3a5c9d1680bcc65b44bb311eacd22c1d6fd4cda0418e5a15c

vulns/cryptography/PYSEC-0000-CVE-2024-26130.yaml → vulns/cryptography/PYSEC-2024-225.yaml

@@ -1,4 +1,11 @@
-id: PYSEC-0000-CVE-2024-26130
+id: PYSEC-2024-225
+modified: 2025-02-06T00:34:24.427679Z
+published: 2024-02-21T17:15:09Z
+aliases:
+- CVE-2024-26130
+related:
+- GHSA-6vqw-3v5j-54x4
+- GHSA-6vqw-3v5j-54x4
 details: cryptography is a package designed to expose cryptographic primitives and
   recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4,
   if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose
@@ -7,34 +14,18 @@ details: cryptography is a package designed to expose cryptographic primitives a
   then a NULL pointer dereference would occur, crashing the Python process. This has
   been resolved in version 42.0.4, the first version in which a `ValueError` is properly
   raised.
-aliases:
-- CVE-2024-26130
-modified: '2025-02-06T00:34:24.427679Z'
-published: '2024-02-21T17:15:09Z'
-related:
-- GHSA-6vqw-3v5j-54x4
-- GHSA-6vqw-3v5j-54x4
-references:
-- type: ADVISORY
-  url: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
-- type: FIX
-  url: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
-- type: FIX
-  url: https://github.com/pyca/cryptography/pull/10423
-- type: REPORT
-  url: https://github.com/pyca/cryptography/pull/10423
 affected:
 - package:
-    name: cryptography
     ecosystem: PyPI
+    name: cryptography
     purl: pkg:pypi/cryptography
   ranges:
   - type: GIT
-    repo: https://github.com/pyca/cryptography
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 97d231672763cdb5959a3b191e692a362f1b9e55
     - fixed: 97d231672763cdb5959a3b191e692a362f1b9e55
+    repo: https://github.com/pyca/cryptography
   - type: ECOSYSTEM
     events:
     - introduced: 38.0.0
@@ -66,3 +57,12 @@ affected:
 severity:
 - type: CVSS_V3
   score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+references:
+- type: ADVISORY
+  url: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
+- type: FIX
+  url: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
+- type: FIX
+  url: https://github.com/pyca/cryptography/pull/10423
+- type: REPORT
+  url: https://github.com/pyca/cryptography/pull/10423

vulns/pymatgen/PYSEC-0000-CVE-2024-23346.yaml → vulns/pymatgen/PYSEC-2024-226.yaml

@@ -1,44 +1,31 @@
-id: PYSEC-0000-CVE-2024-23346
-details: Pymatgen (Python Materials Genomics) is an open-source Python library for
-  materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()`
-  method within the `pymatgen` library prior to version 2024.2.20. This method insecurely
-  utilizes `eval()` for processing input, enabling execution of arbitrary code when
-  parsing untrusted input. Version 2024.2.20 fixes this issue.
+id: PYSEC-2024-226
+modified: 2025-02-06T00:34:28.73473Z
+published: 2024-02-21T17:15:09Z
 aliases:
 - CVE-2024-23346
-modified: '2025-02-06T00:34:28.734730Z'
-published: '2024-02-21T17:15:09Z'
 related:
 - GHSA-vgv8-5cpj-qj2f
 - GHSA-vgv8-5cpj-qj2f
-references:
-- type: ADVISORY
-  url: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
-- type: EVIDENCE
-  url: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
-- type: EVIDENCE
-  url: https://www.vicarius.io/vsociety/posts/critical-security-flaw-in-pymatgen-library-cve-2024-23346
-- type: FIX
-  url: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
-- type: WEB
-  url: https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108
-- type: WEB
-  url: https://www.vicarius.io/vsociety/posts/critical-security-flaw-in-pymatgen-library-cve-2024-23346
+details: Pymatgen (Python Materials Genomics) is an open-source Python library for
+  materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()`
+  method within the `pymatgen` library prior to version 2024.2.20. This method insecurely
+  utilizes `eval()` for processing input, enabling execution of arbitrary code when
+  parsing untrusted input. Version 2024.2.20 fixes this issue.
 affected:
 - package:
-    name: pymatgen
     ecosystem: PyPI
+    name: pymatgen
     purl: pkg:pypi/pymatgen
   ranges:
   - type: GIT
-    repo: https://github.com/materialsproject/pymatgen
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
     - fixed: c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
+    repo: https://github.com/materialsproject/pymatgen
   - type: ECOSYSTEM
     events:
-    - introduced: '0'
+    - introduced: "0"
     - fixed: 2024.2.20
   versions:
   - 1.0.4
@@ -417,3 +404,16 @@ affected:
 severity:
 - type: CVSS_V3
   score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+references:
+- type: ADVISORY
+  url: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
+- type: EVIDENCE
+  url: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
+- type: EVIDENCE
+  url: https://www.vicarius.io/vsociety/posts/critical-security-flaw-in-pymatgen-library-cve-2024-23346
+- type: FIX
+  url: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
+- type: WEB
+  url: https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108
+- type: WEB
+  url: https://www.vicarius.io/vsociety/posts/critical-security-flaw-in-pymatgen-library-cve-2024-23346