Skip to content

Commit 8efa282

Browse files
github-actions[bot]github-actions[bot]
committed
Move new vulnerability to vulnerabilities/AIKIDO-2025-10861.json and reset new.json template
1 parent 3430de0 commit 8efa282

File tree

2 files changed

+38
-21
lines changed

2 files changed

+38
-21
lines changed

input/new.json

Lines changed: 12 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,15 @@
11
{
2-
"package_name": "binary-parser",
3-
"patch_versions": [
4-
"2.3.0"
5-
],
6-
"vulnerable_ranges": [
7-
[
8-
"1.3.3",
9-
"2.2.1"
10-
]
11-
],
12-
"cwe": [
13-
"CWE-94"
14-
],
15-
"tldr": "Affected versions of this package suffered from a code-injection vulnerability: attacker-controlled values provided as field names or encoding names could lead to arbitrary code execution within the parser. The patch introduces sanitization logic: it validates field names and encoding names against a safe pattern and rejects invalid ones — preventing injection via malformed names or encoding values.",
16-
"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
17-
"how_to_fix": "Upgrade the `binary-parser` library to the patch version.",
18-
"vulnerable_to": "Code Injection",
2+
"package_name": "",
3+
"patch_versions": [],
4+
"vulnerable_ranges": [],
5+
"cwe": [],
6+
"tldr": "",
7+
"doest_this_affect_me": "",
8+
"how_to_fix": "",
9+
"vulnerable_to": "",
1910
"related_cve_id": "",
20-
"language": "JS",
21-
"severity_class": "CRITICAL",
22-
"aikido_score": 90,
23-
"changelog": "https://github.com/keichi/binary-parser/releases/tag/v2.3.0"
11+
"language": "",
12+
"severity_class": "",
13+
"aikido_score": 0,
14+
"changelog": ""
2415
}

vulnerabilities/AIKIDO-2025-10861.json

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
{
2+
"package_name": "binary-parser",
3+
"patch_versions": [
4+
"2.3.0"
5+
],
6+
"vulnerable_ranges": [
7+
[
8+
"1.3.3",
9+
"2.2.1"
10+
]
11+
],
12+
"cwe": [
13+
"CWE-94"
14+
],
15+
"tldr": "Affected versions of this package suffered from a code-injection vulnerability: attacker-controlled values provided as field names or encoding names could lead to arbitrary code execution within the parser. The patch introduces sanitization logic: it validates field names and encoding names against a safe pattern and rejects invalid ones — preventing injection via malformed names or encoding values.",
16+
"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
17+
"how_to_fix": "Upgrade the `binary-parser` library to the patch version.",
18+
"vulnerable_to": "Code Injection",
19+
"related_cve_id": "",
20+
"language": "JS",
21+
"severity_class": "CRITICAL",
22+
"aikido_score": 90,
23+
"changelog": "https://github.com/keichi/binary-parser/releases/tag/v2.3.0",
24+
"last_modified": "2025-12-01",
25+
"published": "2025-12-01"
26+
}

0 commit comments

Comments
 (0)