Assign IDs

pypa · Dec 10, 2024 · dcb91b5 · dcb91b5
1 parent d8d8741
commit dcb91b5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 21 deletions.
diff --git a/vulns/.id-allocator b/vulns/.id-allocator
@@ -1 +1 @@
-7075a11098778b34efd9fe4003c2f4ed95732f7ea27771bee3a75389a079562b
+278115440d5b556b8b7f5fecd9a4bce9135edd23f8b332329bf1100a2b26d18b
diff --git a/...s/ultralytics/PYSEC-0000-ultralytics.yaml → vulns/ultralytics/PYSEC-2024-154.yaml b/...s/ultralytics/PYSEC-0000-ultralytics.yaml → vulns/ultralytics/PYSEC-2024-154.yaml
@@ -1,4 +1,7 @@
-id: PYSEC-0000-ultralytics.yaml
+id: PYSEC-2024-154
+modified: 2024-12-10T19:20:27.097505Z
+related:
+- GHSA-7x29-qqmq-v6qc
 summary: A number of releases of ultralytics contained malicious crypto miner software.
 details: |
   Ultralytics has identified a supply chain attack
@@ -8,28 +11,10 @@ details: |
   when instantiating YOLO models.
   This code was injected into the PyPI release artifacts and was not present
   in the public GitHub repository.
-modified: '2024-12-10T19:20:27.097505Z'
-related:
-- GHSA-7x29-qqmq-v6qc
-references:
-- type: EVIDENCE
-  url: https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
-- type: WEB
-  url: https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194
-- type: REPORT
-  url: https://github.com/ultralytics/ultralytics/issues/18027
-- type: FIX
-  url: https://github.com/ultralytics/ultralytics/pull/18052
-- type: FIX
-  url: https://github.com/ultralytics/ultralytics/pull/18111
-- type: FIX
-  url: https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
-- type: ARTICLE
-  url: https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
 affected:
 - package:
-    name: ultralytics
     ecosystem: PyPI
+    name: ultralytics
     purl: pkg:pypi/ultralytics
   ranges:
   - type: ECOSYSTEM
@@ -48,3 +33,18 @@ severity:
   score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
 - type: CVSS_V4
   score: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
+references:
+- type: EVIDENCE
+  url: https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
+- type: WEB
+  url: https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194
+- type: REPORT
+  url: https://github.com/ultralytics/ultralytics/issues/18027
+- type: FIX
+  url: https://github.com/ultralytics/ultralytics/pull/18052
+- type: FIX
+  url: https://github.com/ultralytics/ultralytics/pull/18111
+- type: FIX
+  url: https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
+- type: ARTICLE
+  url: https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		7075a11098778b34efd9fe4003c2f4ed95732f7ea27771bee3a75389a079562b
		278115440d5b556b8b7f5fecd9a4bce9135edd23f8b332329bf1100a2b26d18b