cnvd - cnvd-2021-37699

cnvd-2021-37699

Vulnerability from cnvd

Title: httplib2注入漏洞

Description:

httplib2是一款HTTP客户端库。

httplib2 0.18.0之前版本中存在注入漏洞。攻击者可通过控制的uri（httplib2.Http.request()）未转义部分利用该漏洞更改请求标头和正文，并将其他隐藏请求发送到同一服务器。

Severity: 中

Patch Name: httplib2注入漏洞的补丁

Patch Description:

httplib2是一款HTTP客户端库。

httplib2 0.18.0之前版本中存在注入漏洞。攻击者可通过控制的uri（httplib2.Http.request()）未转义部分利用该漏洞更改请求标头和正文，并将其他隐藏请求发送到同一服务器。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-11078

Impacted products

Name
httplib2 httplib2 <0.18.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11078"
    }
  },
  "description": "httplib2\u662f\u4e00\u6b3eHTTP\u5ba2\u6237\u7aef\u5e93\u3002\n\nhttplib2 0.18.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63a7\u5236\u7684uri\uff08httplib2.Http.request()\uff09\u672a\u8f6c\u4e49\u90e8\u5206\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u8bf7\u6c42\u6807\u5934\u548c\u6b63\u6587\uff0c\u5e76\u5c06\u5176\u4ed6\u9690\u85cf\u8bf7\u6c42\u53d1\u9001\u5230\u540c\u4e00\u670d\u52a1\u5668\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-37699",
  "openTime": "2021-05-28",
  "patchDescription": "httplib2\u662f\u4e00\u6b3eHTTP\u5ba2\u6237\u7aef\u5e93\u3002\r\n\r\nhttplib2 0.18.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63a7\u5236\u7684uri\uff08httplib2.Http.request()\uff09\u672a\u8f6c\u4e49\u90e8\u5206\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u8bf7\u6c42\u6807\u5934\u548c\u6b63\u6587\uff0c\u5e76\u5c06\u5176\u4ed6\u9690\u85cf\u8bf7\u6c42\u53d1\u9001\u5230\u540c\u4e00\u670d\u52a1\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "httplib2\u6ce8\u5165\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": "httplib2 httplib2 \u003c0.18.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11078",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-21",
  "title": "httplib2\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-11078 (GCVE-0-2020-11078)

Vulnerability from cvelistv5

Published

2020-05-20 16:00

Modified

2024-08-04 11:21

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Summary

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

References

▼	URL	Tags
	https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq	x_refsource_CONFIRM
	https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e	x_refsource_MISC
	https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89%40%3Ccommits.allura.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/	vendor-advisory, x_refsource_FEDORA
	https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	httplib2	httplib2	Version: < 0.81.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e"
          },
          {
            "name": "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89%40%3Ccommits.allura.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200601 [SECURITY] [DLA 2232-1] python-httplib2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html"
          },
          {
            "name": "[beam-issues] 20200602 [jira] [Created] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E"
          },
          {
            "name": "FEDORA-2020-a7a15a9687",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/"
          },
          {
            "name": "FEDORA-2020-37779a5c93",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/"
          },
          {
            "name": "[beam-issues] 20200802 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E"
          },
          {
            "name": "[beam-issues] 20200802 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23%40%3Cissues.beam.apache.org%3E"
          },
          {
            "name": "[beam-issues] 20200816 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202%40%3Cissues.beam.apache.org%3E"
          },
          {
            "name": "[beam-issues] 20200816 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "httplib2",
          "vendor": "httplib2",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.81.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-16T18:06:04",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e"
        },
        {
          "name": "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89%40%3Ccommits.allura.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200601 [SECURITY] [DLA 2232-1] python-httplib2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html"
        },
        {
          "name": "[beam-issues] 20200602 [jira] [Created] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E"
        },
        {
          "name": "FEDORA-2020-a7a15a9687",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/"
        },
        {
          "name": "FEDORA-2020-37779a5c93",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/"
        },
        {
          "name": "[beam-issues] 20200802 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E"
        },
        {
          "name": "[beam-issues] 20200802 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23%40%3Cissues.beam.apache.org%3E"
        },
        {
          "name": "[beam-issues] 20200816 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202%40%3Cissues.beam.apache.org%3E"
        },
        {
          "name": "[beam-issues] 20200816 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E"
        }
      ],
      "source": {
        "advisory": "GHSA-gg84-qgv9-w4pq",
        "discovery": "UNKNOWN"
      },
      "title": "CRLF injection in httplib2",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11078",
          "STATE": "PUBLIC",
          "TITLE": "CRLF injection in httplib2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "httplib2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.81.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "httplib2"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq",
              "refsource": "CONFIRM",
              "url": "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq"
            },
            {
              "name": "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e",
              "refsource": "MISC",
              "url": "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e"
            },
            {
              "name": "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200601 [SECURITY] [DLA 2232-1] python-httplib2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html"
            },
            {
              "name": "[beam-issues] 20200602 [jira] [Created] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E"
            },
            {
              "name": "FEDORA-2020-a7a15a9687",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/"
            },
            {
              "name": "FEDORA-2020-37779a5c93",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/"
            },
            {
              "name": "[beam-issues] 20200802 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E"
            },
            {
              "name": "[beam-issues] 20200802 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E"
            },
            {
              "name": "[beam-issues] 20200816 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E"
            },
            {
              "name": "[beam-issues] 20200816 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to \u003e 0.18.0 to resolve CVE-2020-11078",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-gg84-qgv9-w4pq",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11078",
    "datePublished": "2020-05-20T16:00:16",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted