While parsing CVE 5 records, I have found multiple issues with non-sanitized descriptions. That includes leading or trailing whitespaces, (multiple) newlines in the middle of a description, for example. Some cases:
./cves/2021/41xxx/CVE-2021-41144.json
"OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.\n\n\n"
./cves/2021/45xxx/CVE-2021-45448.json
"Pentaho Business Analytics\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \nAnalyzer plugin exposes a service endpoint for templates which allows a \nuser-supplied path to access resources that are out of bounds. \n\nThe software uses external input to construct a pathname that is intended to identify a file or \ndirectory that is located underneath a restricted parent directory, but the software does not \nproperly neutralize special elements within the pathname that can cause the pathname to \nresolve to a location that is outside of the restricted directory. By using special elements such as \n".." and "/" separators, attackers can escape outside of the restricted \nlocation to access files or directories that are elsewhere on the \nsystem.\n\n\n\n"
It would be nice to have descriptions sanitized into a single string.
Using newlines for formatting text helps CNAs communicate information.
e.g., a mitigation:
If not needed, disable the ability for unprivileged users
to create namespaces. To do this temporarily, do:
sudo sysctl -w kernel.unprivileged_userns_clone=0
To disable across reboots, do:
echo kernel.unprivileged_userns_clone=0 | \
sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
CNAs have already submitted data based on characters per line and information could be lost if everything is now concatenated.
There does need to be a lot of cleanup. There should be no newlines at either end of a string. Carriage returns \r and newlines \n are used. There is HTML.
CVE-2022-38705.json: "value": "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.</span>\n\n"
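Added example (not code from the cvelistV5 project): a small checker and normalizer for the defect classes named in this thread, written so that paragraph breaks survive and, with `join_wrapped=False`, line structure in command-style mitigations is kept as the commenter asks. The sample strings are constructed to mirror the quoted records, not copied from the repository.

```python
import html
import re

# Constructed samples that mirror the defect classes reported in this issue:
# trailing newlines, hard-wrapped lines, CRLF endings and a wrapping HTML span.
SAMPLES = {
    "trailing": "OpenMage LTS is an e-commerce platform. Versions 19.4.22 and "
                "20.0.19 contain a patch for this issue.\n\n\n",
    "wrapped": "Pentaho Business Analytics\n Server versions before 9.2.0.2 \n"
               "exposes a service endpoint. \n\nThe software uses external input.\n\n\n\n",
    "crlf": "First line.\r\nSecond line.\r\n",
    "html": "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM CICS TX "
            "11.1 could allow a remote attacker to bypass restrictions.</span>\n\n",
    # Mitigation text where the line structure is meaningful (shell commands).
    "mitigation": "If not needed, disable the ability for unprivileged users\n"
                  "to create namespaces. To do this temporarily, do:\n"
                  "sudo sysctl -w kernel.unprivileged_userns_clone=0\n",
}

TAG_RE = re.compile(r"<[^>]+>")
BLANK_RUN_RE = re.compile(r"\n[ \t]*\n[ \t]*\n")


def find_defects(value: str) -> list[str]:
    """Report which sanitation problems a raw description value exhibits."""
    defects = []
    if value != value.lstrip():
        defects.append("leading-ws")
    if value != value.rstrip():
        defects.append("trailing-ws")
    if "\r" in value:
        defects.append("cr")
    if TAG_RE.search(value):
        defects.append("html")
    if BLANK_RUN_RE.search(value):
        defects.append("blank-run")
    return defects


def normalize_description(value: str, join_wrapped: bool = True) -> str:
    """Clean a description without destroying paragraph breaks.

    join_wrapped=True folds hard-wrapped lines inside a paragraph into one
    line; join_wrapped=False keeps single newlines (e.g. for command lists)
    and only trims, strips HTML tags and collapses runs of blank lines.
    """
    text = value.replace("\r\n", "\n").replace("\r", "\n")
    text = html.unescape(TAG_RE.sub("", text))
    text = "\n".join(line.strip() for line in text.split("\n"))
    text = re.sub(r"\n{3,}", "\n\n", text).strip()
    if join_wrapped:
        text = "\n\n".join(" ".join(p.split("\n")) for p in text.split("\n\n"))
    return re.sub(r"[ \t]{2,}", " ", text)
```

`find_defects` is the lint pass you would run over the whole corpus; `normalize_description` is what a consumer applies before indexing.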