Add test for security_advisory

2019-04-17 16:09:34 +01:00
parent c271d4f1c6
commit ebe6b8d143
2 changed files with 61 additions and 0 deletions
@@ -0,0 +1,51 @@
+{
+  "action": "published",
+  "security_advisory": {
+    "ghsa_id": "GHSA-rf4j-j272-fj86",
+    "summary": "Moderate severity vulnerability that affects django",
+    "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
+    "severity": "moderate",
+    "identifiers": [
+      {
+        "value": "GHSA-rf4j-j272-fj86",
+        "type": "GHSA"
+      },
+      {
+        "value": "CVE-2018-6188",
+        "type": "CVE"
+      }
+    ],
+    "references": [
+      {
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
+      }
+    ],
+    "published_at": "2018-10-03T21:13:54Z",
+    "updated_at": "2018-10-03T21:13:54Z",
+    "withdrawn_at": null,
+    "vulnerabilities": [
+      {
+        "package": {
+          "ecosystem": "pip",
+          "name": "django"
+        },
+        "severity": "moderate",
+        "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
+        "first_patched_version": {
+          "identifier": "2.0.2"
+        }
+      },
+      {
+        "package": {
+          "ecosystem": "pip",
+          "name": "django"
+        },
+        "severity": "moderate",
+        "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
+        "first_patched_version": {
+          "identifier": "1.11.10"
+        }
+      }
+    ]
+  }
+}