https
GET
api.github.com
None
/advisories?ghsa_id=GHSA-9324-jv53-9cc8
{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
None
200
[('Server', 'GitHub.com'), ('Date', 'Sat, 29 Jul 2023 02:25:17 GMT'), ('Content-Type', 'application/json; charset=utf-8'), ('Transfer-Encoding', 'chunked'), ('Cache-Control', 'private, max-age=60, s-maxage=60'), ('Vary', 'Accept, Authorization, Cookie, X-GitHub-OTP, Accept-Encoding, Accept, X-Requested-With'), ('ETag', 'W/"50b5a7d3d24f29f08f0def324f1697b39b5bc1594b7a2f56a7fec80f33ca7bbf"'), ('Last-Modified', 'Wed, 22 Mar 2023 01:39:28 GMT'), ('X-OAuth-Scopes', 'gist, read:org, repo'), ('X-Accepted-OAuth-Scopes', ''), ('github-authentication-token-expiration', '2023-08-25 20:47:49 UTC'), ('X-GitHub-Media-Type', 'github.v3; format=json'), ('x-github-api-version-selected', '2022-11-28'), ('X-RateLimit-Limit', '5000'), ('X-RateLimit-Remaining', '4989'), ('X-RateLimit-Reset', '1690600508'), ('X-RateLimit-Used', '11'), ('X-RateLimit-Resource', 'core'), ('Access-Control-Expose-Headers', 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset'), ('Access-Control-Allow-Origin', '*'), ('Strict-Transport-Security', 'max-age=31536000; includeSubdomains; preload'), ('X-Frame-Options', 'deny'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '0'), ('Referrer-Policy', 'origin-when-cross-origin, strict-origin-when-cross-origin'), ('Content-Security-Policy', "default-src 'none'"), ('Content-Encoding', 'gzip'), ('X-GitHub-Request-Id', 'ADEA:51D4:17628CB:2F5A005:64C4788D')]
[{"ghsa_id":"GHSA-9324-jv53-9cc8","cve_id":"CVE-2021-31402","url":"https://api.github.com/advisories/GHSA-9324-jv53-9cc8","html_url":"https://github.com/advisories/GHSA-9324-jv53-9cc8","summary":"dio vulnerable to CRLF injection with HTTP method string","description":"### Impact\nThe dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.\n\n### Patches\nThe vulnerability has been resolved by https://github.com/cfug/dio/commit/927f79e93ba39f3c3a12c190624a55653d577984, and included since v5.0.0.\n\n### Workarounds\nCherry-pick the commit to your own fork can resolves the vulberability too.\n\n### References\n- https://nvd.nist.gov/vuln/detail/CVE-2021-31402\n- https://osv.dev/GHSA-jwpw-q68h-r678\n- https://github.com/cfug/dio/issues/1130\n- https://github.com/cfug/dio/issues/1752\n","type":"reviewed","severity":"high","repository_advisory_url":"https://api.github.com/repos/cfug/dio/security-advisories/GHSA-9324-jv53-9cc8","source_code_location":"https://github.com/cfug/dio","identifiers":[{"value":"GHSA-9324-jv53-9cc8","type":"GHSA"},{"value":"CVE-2021-31402","type":"CVE"}],"references":["https://github.com/cfug/dio/security/advisories/GHSA-9324-jv53-9cc8","https://nvd.nist.gov/vuln/detail/CVE-2021-31402","https://github.com/cfug/dio/issues/1752","https://github.com/flutterchina/dio/issues/1130","https://github.com/cfug/dio/commit/927f79e93ba39f3c3a12c190624a55653d577984","https://osv.dev/GHSA-jwpw-q68h-r678","https://github.com/advisories/GHSA-9324-jv53-9cc8"],"published_at":"2023-03-21T22:41:11Z","updated_at":"2023-03-22T01:39:28Z","github_reviewed_at":"2023-03-21T22:41:11Z","nvd_published_at":null,"withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"pub","name":"dio"},"vulnerable_version_range":"< 5.0.0","first_patched_version":"5.0.0","vulnerable_functions":[]}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","score":7.5},"cwes":[{"cwe_id":"CWE-74","name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"},{"cwe_id":"CWE-88","name":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"},{"cwe_id":"CWE-93","name":"Improper Neutralization of CRLF Sequences ('CRLF Injection')"}],"credits":[{"user":{"login":"licy183","id":45286352,"node_id":"MDQ6VXNlcjQ1Mjg2MzUy","avatar_url":"https://avatars.githubusercontent.com/u/45286352?v=4","gravatar_id":"","url":"https://api.github.com/users/licy183","html_url":"https://github.com/licy183","followers_url":"https://api.github.com/users/licy183/followers","following_url":"https://api.github.com/users/licy183/following{/other_user}","gists_url":"https://api.github.com/users/licy183/gists{/gist_id}","starred_url":"https://api.github.com/users/licy183/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/licy183/subscriptions","organizations_url":"https://api.github.com/users/licy183/orgs","repos_url":"https://api.github.com/users/licy183/repos","events_url":"https://api.github.com/users/licy183/events{/privacy}","received_events_url":"https://api.github.com/users/licy183/received_events","type":"User","site_admin":false},"type":"reporter"},{"user":{"login":"AlexV525","id":15884415,"node_id":"MDQ6VXNlcjE1ODg0NDE1","avatar_url":"https://avatars.githubusercontent.com/u/15884415?v=4","gravatar_id":"","url":"https://api.github.com/users/AlexV525","html_url":"https://github.com/AlexV525","followers_url":"https://api.github.com/users/AlexV525/followers","following_url":"https://api.github.com/users/AlexV525/following{/other_user}","gists_url":"https://api.github.com/users/AlexV525/gists{/gist_id}","starred_url":"https://api.github.com/users/AlexV525/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/AlexV525/subscriptions","organizations_url":"https://api.github.com/users/AlexV525/orgs","repos_url":"https://api.github.com/users/AlexV525/repos","events_url":"https://api.github.com/users/AlexV525/events{/privacy}","received_events_url":"https://api.github.com/users/AlexV525/received_events","type":"User","site_admin":false},"type":"remediation_developer"},{"user":{"login":"set0x","id":15133015,"node_id":"MDQ6VXNlcjE1MTMzMDE1","avatar_url":"https://avatars.githubusercontent.com/u/15133015?v=4","gravatar_id":"","url":"https://api.github.com/users/set0x","html_url":"https://github.com/set0x","followers_url":"https://api.github.com/users/set0x/followers","following_url":"https://api.github.com/users/set0x/following{/other_user}","gists_url":"https://api.github.com/users/set0x/gists{/gist_id}","starred_url":"https://api.github.com/users/set0x/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/set0x/subscriptions","organizations_url":"https://api.github.com/users/set0x/orgs","repos_url":"https://api.github.com/users/set0x/repos","events_url":"https://api.github.com/users/set0x/events{/privacy}","received_events_url":"https://api.github.com/users/set0x/received_events","type":"User","site_admin":false},"type":"reporter"}]}]