Merge pull request #28 from jensdietrich/add-11-fixedversions

Add 11 `pov-project.json`s with `fixedVersion`s

CVE-2013-2186/pov-project.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2013-2186",
+  "artifact": "commons-fileupload:commons-fileupload",
+  "vulnerableVersions": [
+    "1.0",
+    "1.0-beta-1",
+    "1.0-rc1",
+    "1.1",
+    "1.1.1",
+    "1.2",
+    "1.2.1",
+    "1.2.2",
+    "1.3"
+  ],
+  "fixVersion": "1.3.1",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2013-2186",
+    "https://github.com/advisories/GHSA-qx6h-9567-5fqw"
+  ]
+}

CVE-2013-5960/pov-project.json

@@ -0,0 +1,18 @@
+{
+  "id": "CVE-2013-5960",
+  "artifact": "org.owasp.esapi:esapi",
+  "vulnerableVersions": [
+    "2.0.1",
+    "2.0GA",
+    "2.0_rc10",
+    "2.0_rc11",
+    "2.0_rc9",
+    "2.1.0"
+  ],
+  "fixVersion": "2.1.0.1",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2013-5960",
+    "https://github.com/advisories/GHSA-2g56-7jv7-wxxq"
+  ]
+}

CVE-2014-0050/pov-project.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2014-0050",
+  "artifact": "commons-fileupload:commons-fileupload",
+  "vulnerableVersions": [
+    "1.0",
+    "1.0-beta-1",
+    "1.0-rc1",
+    "1.1",
+    "1.1.1",
+    "1.2",
+    "1.2.1",
+    "1.2.2",
+    "1.3"
+  ],
+  "fixVersion": "1.3.1",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2014-0050",
+    "https://github.com/advisories/GHSA-xx68-jfcg-xmmf"
+  ]
+}

CVE-2015-6748/pov-project.json

@@ -0,0 +1,34 @@
+{
+  "id": "CVE-2015-6748",
+  "artifact": "org.jsoup:jsoup",
+  "vulnerableVersions": [
+    "0.2.1b",
+    "0.2.2",
+    "0.3.1",
+    "1.1.1",
+    "1.2.1",
+    "1.2.2",
+    "1.2.3",
+    "1.3.1",
+    "1.3.2",
+    "1.3.3",
+    "1.4.1",
+    "1.5.1",
+    "1.5.2",
+    "1.6.0",
+    "1.6.1",
+    "1.6.2",
+    "1.6.3",
+    "1.7.1",
+    "1.7.2",
+    "1.7.3",
+    "1.8.1",
+    "1.8.2"
+  ],
+  "fixVersion": "1.8.3",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2015-6748",
+    "https://github.com/advisories/GHSA-48rh-qgjr-xfj6"
+  ]
+}

CVE-2016-2510/pov-project.json

@@ -0,0 +1,13 @@
+{
+  "id": "CVE-2016-2510",
+  "artifact": "org.apache-extras.beanshell:bsh",
+  "vulnerableVersions": [
+    "2.0b5"
+  ],
+  "fixVersion": "2.0b6",
+  "testSignalWhenVulnerable": "success",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2016-2510",
+    "https://github.com/advisories/GHSA-gxg6-rc6c-v673"
+  ]
+}

CVE-2016-5394/pov-project.json

@@ -0,0 +1,17 @@
+{
+  "id": "CVE-2016-5394",
+  "artifact": "org.apache.sling:org.apache.sling.xss",
+  "vulnerableVersions": [
+    "1.0.0",
+    "1.0.2",
+    "1.0.4",
+    "1.0.6",
+    "1.0.8"
+  ],
+  "fixVersion": "1.0.12",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2016-5394",
+    "https://github.com/advisories/GHSA-xwf4-88xr-hx2j"
+  ]
+}

CVE-2016-6798/pov-project.json

@@ -0,0 +1,17 @@
+{
+  "id": "CVE-2016-6798",
+  "artifact": "org.apache.sling:org.apache.sling.xss",
+  "vulnerableVersions": [
+    "1.0.0",
+    "1.0.2",
+    "1.0.4",
+    "1.0.6",
+    "1.0.8"
+  ],
+  "fixVersion": "1.0.12",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2016-6798",
+    "https://github.com/advisories/GHSA-7g54-vgp6-jj5w"
+  ]
+}

CVE-2018-11771/pov-project.json

@@ -0,0 +1,33 @@
+{
+  "id": "CVE-2018-11771",
+  "artifact": "org.apache.commons:commons-compress",
+  "vulnerableVersions": [
+    "1.0",
+    "1.1",
+    "1.10",
+    "1.11",
+    "1.12",
+    "1.13",
+    "1.14",
+    "1.15",
+    "1.16",
+    "1.16.1",
+    "1.17",
+    "1.2",
+    "1.3",
+    "1.4",
+    "1.4.1",
+    "1.5",
+    "1.6",
+    "1.7",
+    "1.8",
+    "1.8.1",
+    "1.9"
+  ],
+  "fixVersion": "1.18",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2018-11771",
+    "https://github.com/advisories/GHSA-hrmr-f5m6-m9pq"
+  ]
+}

CVE-2019-12402/pov-project.json

@@ -0,0 +1,17 @@
+{
+  "id": "CVE-2019-12402",
+  "artifact": "org.apache.commons:commons-compress",
+  "vulnerableVersions": [
+    "1.15",
+    "1.16",
+    "1.16.1",
+    "1.17",
+    "1.18"
+  ],
+  "fixVersion": "1.19",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2019-12402",
+    "https://github.com/advisories/GHSA-53x6-4x5p-rrvv"
+  ]
+}

CVE-2020-1953/pov-project.json

@@ -0,0 +1,17 @@
+{
+  "id": "CVE-2020-1953",
+  "artifact": "org.apache.commons:commons-configuration2",
+  "vulnerableVersions": [
+    "2.2",
+    "2.3",
+    "2.4",
+    "2.5",
+    "2.6"
+  ],
+  "fixVersion": "2.7",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2020-1953",
+    "https://github.com/advisories/GHSA-7qx4-pp76-vrqh"
+  ]
+}

CVE-2021-29425/pov-project.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2021-29425",
+  "artifact": "commons-io:commons-io",
+  "vulnerableVersions": [
+    "0.1",
+    "1.0",
+    "1.1",
+    "1.2",
+    "1.3",
+    "1.3.1",
+    "1.3.2",
+    "1.4",
+    "2.0",
+    "2.0.1",
+    "2.1",
+    "2.2",
+    "2.3",
+    "2.4",
+    "2.5",
+    "2.6"
+  ],
+  "fixVersion": "2.7",
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2021-29425",
+    "https://github.com/advisories/GHSA-gwrp-pvrq-jmwv"
+  ]
+}