{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-43782","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-08-16T14:20:37.323Z","datePublished":"2024-08-23T14:35:08.787Z","dateUpdated":"2024-08-27T19:46:53.938Z"},"containers":{"cna":{"title":"openedx-translations's Atlas translations for Open edX missing validation","problemTypes":[{"descriptions":[{"cweId":"CWE-74","lang":"en","description":"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/openedx/openedx-translations/security/advisories/GHSA-fg8c-2pvj-wx3j","tags":["x_refsource_CONFIRM"],"url":"https://github.com/openedx/openedx-translations/security/advisories/GHSA-fg8c-2pvj-wx3j"},{"name":"https://github.com/openedx/openedx-translations/commit/3c4093705dec99590577c4d8270ce263f7fffc5a","tags":["x_refsource_MISC"],"url":"https://github.com/openedx/openedx-translations/commit/3c4093705dec99590577c4d8270ce263f7fffc5a"},{"name":"https://github.com/openedx/openedx-translations/commit/b2444340e8702c7955310331c1db5fd85b25b92b","tags":["x_refsource_MISC"],"url":"https://github.com/openedx/openedx-translations/commit/b2444340e8702c7955310331c1db5fd85b25b92b"}],"affected":[{"vendor":"openedx","product":"openedx-translations","versions":[{"version":"< b2444340e8702c7955310331c1db5fd85b25b92b","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-08-23T14:35:08.787Z"},"descriptions":[{"lang":"en","value":"This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings."}],"source":{"advisory":"GHSA-fg8c-2pvj-wx3j","discovery":"UNKNOWN"}},"adp":[{"affected":[{"vendor":"openedx","product":"openedx-translations","cpes":["cpe:2.3:a:openedx:openedx-translations:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"*","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-23T15:13:48.270619Z","id":"CVE-2024-43782","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-27T19:46:53.938Z"}}]}}