{"containers": {"cna": {"providerMetadata": {"dateUpdated": "2020-04-16T19:09:37.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none"}]}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-15601", "datePublished": "2020-01-06T16:32:53.000Z", "dateRejected": "2020-04-16T19:09:37.000Z", "dateReserved": "2019-08-26T00:00:00.000Z", "dateUpdated": "2020-04-16T19:09:37.000Z", "state": "REJECTED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none"}], "id": "CVE-2019-15601", "lastModified": "2023-11-07T03:05:30.680", "metrics": {}, "published": "2020-01-06T17:15:12.003", "references": [], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "curl: improper input validation allows users to create a 'FILE:' URL that can make the client access a remote file using SMB", "id": "1794143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1794143"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["[REJECTED CVE] A vulnerability has been identified in libcurl, where a FILE:// URL crafted with two slashes (or backslashes) followed by a hostname can cause Windows systems to treat the path as an SMB request instead of accessing a local file. This unintended behavior may allow an attacker to redirect file access requests to a malicious SMB server. Applications that allow user-provided URLs or URL parts are particularly vulnerable, potentially exposing sensitive data or enabling unauthorized network interactions."], "name": "CVE-2019-15601", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.2", "fix_state": "Not affected", "package_name": "rh-dotnet22-curl", "product_name": ".NET Core 2.2 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat JBoss Web Server 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "httpd24-curl", "product_name": "Red Hat Software Collections"}], "public_date": "2020-01-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15601\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15601"], "statement": "This bug only exists when libcurl runs on a Microsoft Windows operating system.", "threat_severity": "Low"}

{}