From 21a9489f2a61ba8ff8a2ff026cdb5c8ffa2dc9e0 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sun, 13 Apr 2025 23:27:33 +0000
Subject: [PATCH] Publish Advisories GHSA-9hx9-w2j6-rw76 GHSA-g7pj-3v97-3vxp GHSA-rvq6-mrpv-m6rm
---
 .../GHSA-9hx9-w2j6-rw76.json | 6 +++---
 .../GHSA-g7pj-3v97-3vxp.json | 17 +++++++++++++++--
 .../GHSA-rvq6-mrpv-m6rm.json | 2 +-
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/advisories/github-reviewed/2017/10/GHSA-9hx9-w2j6-rw76/GHSA-9hx9-w2j6-rw76.json b/advisories/github-reviewed/2017/10/GHSA-9hx9-w2j6-rw76/GHSA-9hx9-w2j6-rw76.json
index 27c4c5cb28a..ac357d9cd12 100644
--- a/advisories/github-reviewed/2017/10/GHSA-9hx9-w2j6-rw76/GHSA-9hx9-w2j6-rw76.json
+++ b/advisories/github-reviewed/2017/10/GHSA-9hx9-w2j6-rw76/GHSA-9hx9-w2j6-rw76.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9hx9-w2j6-rw76",
- "modified": "2023-07-05T18:52:49Z",
+ "modified": "2025-04-13T23:26:43Z",
 "published": "2017-10-24T18:33:37Z",
 "aliases": [
 "CVE-2013-2105"
@@ -30,8 +30,8 @@
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84378"
 },
 {
- "type": "ADVISORY",
- "url": "https://github.com/advisories/GHSA-9hx9-w2j6-rw76"
+ "type": "PACKAGE",
+ "url": "https://github.com/jonleung/show_in_browser"
 },
 {
 "type": "WEB",
diff --git a/advisories/github-reviewed/2022/05/GHSA-g7pj-3v97-3vxp/GHSA-g7pj-3v97-3vxp.json b/advisories/github-reviewed/2022/05/GHSA-g7pj-3v97-3vxp/GHSA-g7pj-3v97-3vxp.json
index d5671a5e84b..2927035d7d1 100644
--- a/advisories/github-reviewed/2022/05/GHSA-g7pj-3v97-3vxp/GHSA-g7pj-3v97-3vxp.json
+++ b/advisories/github-reviewed/2022/05/GHSA-g7pj-3v97-3vxp/GHSA-g7pj-3v97-3vxp.json
@@ -1,14 +1,19 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-g7pj-3v97-3vxp",
- "modified": "2023-08-16T23:23:36Z",
+ "modified": "2025-04-13T23:25:48Z",
 "published": "2022-05-17T04:46:09Z",
 "aliases": [
 "CVE-2014-2921"
 ],
 "summary": "Pimcore Vulnerable to PHP Object Injection Attacks",
 "details": "The `getObjectByToken` function in `Newsletter.php` in the `Pimcore_Tool_Newsletter` module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a `Zend_Pdf_ElementFactory_Proxy` object and a pathname with a trailing `\\0` character.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
+ }
+ ],
 "affected": [
 {
 "package": {
@@ -43,6 +48,14 @@
 "type": "WEB",
 "url": "https://github.com/pedrib/PoC/blob/caa03645e256a8b50f1101c983d39586ebc467ee/advisories/pimcore-2.1.0.txt"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/pimcore/pimcore"
+ },
 {
 "type": "WEB",
 "url": "http://openwall.com/lists/oss-security/2014/04/21/1"
diff --git a/advisories/github-reviewed/2022/05/GHSA-rvq6-mrpv-m6rm/GHSA-rvq6-mrpv-m6rm.json b/advisories/github-reviewed/2022/05/GHSA-rvq6-mrpv-m6rm/GHSA-rvq6-mrpv-m6rm.json
index 9dd1c0414ca..42ac3ddebef 100644
--- a/advisories/github-reviewed/2022/05/GHSA-rvq6-mrpv-m6rm/GHSA-rvq6-mrpv-m6rm.json
+++ b/advisories/github-reviewed/2022/05/GHSA-rvq6-mrpv-m6rm/GHSA-rvq6-mrpv-m6rm.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rvq6-mrpv-m6rm",
- "modified": "2024-09-16T22:13:37Z",
+ "modified": "2025-04-13T23:27:03Z",
 "published": "2022-05-17T03:07:04Z",
 "aliases": [
 "CVE-2014-0472"
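Review bot: The new `severity` entry in GHSA-g7pj-3v97-3vxp.json (hunk `@@ -1,14 +1,19 @@`) uses `"type": "CVSS_V4"` while the record still declares `"schema_version": "1.4.0"` two context lines into the same hunk. As far as I know, `CVSS_V4` was added to the OSV schema in a later revision than 1.4.0, so a consumer that validates against the declared version may reject the record or drop the score. Either raise `schema_version` to the revision that defines `CVSS_V4`, or also carry a `CVSS_V3` entry so tooling that does not yet parse v4 vectors does not treat this code-execution advisory as unscored.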
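Review bot: The added `WEB` reference `https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt` in hunk `@@ -43,6 +48,14 @@` points at a moving branch, while the context entry directly above it already links what appears to be the same write-up pinned to commit `caa03645e256a8b50f1101c983d39586ebc467ee` under `advisories/`. A branch URL can change content or stop resolving, and the differing path suggests the file has since moved, so it adds little over the permalink. I would drop the new `WEB` entry and keep only the `PACKAGE` addition. The `references` array begins and ends outside the hunk, so other duplicates cannot be ruled out from here.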