From dcb91b571e9da7d5fa3c47eaba0e976ac9f361f7 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 10 Dec 2024 19:33:37 +0000
Subject: [PATCH] Assign IDs

---
 vulns/.id-allocator | 2 +-
 ...0-ultralytics.yaml => PYSEC-2024-154.yaml} | 40 +++++++++----------
 2 files changed, 21 insertions(+), 21 deletions(-)
 rename vulns/ultralytics/{PYSEC-0000-ultralytics.yaml => PYSEC-2024-154.yaml} (95%)

diff --git a/vulns/.id-allocator b/vulns/.id-allocator
index 1f3804d0..7d3ed12d 100644
--- a/vulns/.id-allocator
+++ b/vulns/.id-allocator
@@ -1 +1 @@
-7075a11098778b34efd9fe4003c2f4ed95732f7ea27771bee3a75389a079562b
\ No newline at end of file
+278115440d5b556b8b7f5fecd9a4bce9135edd23f8b332329bf1100a2b26d18b
\ No newline at end of file
diff --git a/vulns/ultralytics/PYSEC-0000-ultralytics.yaml b/vulns/ultralytics/PYSEC-2024-154.yaml
similarity index 95%
rename from vulns/ultralytics/PYSEC-0000-ultralytics.yaml
rename to vulns/ultralytics/PYSEC-2024-154.yaml
index 7c3ffbbe..bcf1dfdc 100644
--- a/vulns/ultralytics/PYSEC-0000-ultralytics.yaml
+++ b/vulns/ultralytics/PYSEC-2024-154.yaml
@@ -1,4 +1,7 @@
-id: PYSEC-0000-ultralytics.yaml
+id: PYSEC-2024-154
+modified: 2024-12-10T19:20:27.097505Z
+related:
+- GHSA-7x29-qqmq-v6qc
 summary: A number of releases of ultralytics contained malicious crypto miner software.
 details: |
   Ultralytics has identified a supply chain attack
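Review bot: The added `modified: 2024-12-10T19:20:27.097505Z` line is an unquoted scalar, whereas the line it replaces (removed in the next hunk) carried the same value as a quoted string; YAML 1.1 loaders such as PyYAML resolve an unquoted ISO 8601 scalar to a datetime object rather than a string, so a consumer that loads this file and expects an RFC 3339 string for `modified` can observe a type change after this commit. If the emitter is the project's own OSV tooling this may be intended and handled downstream, but it is worth confirming, or restoring the quotes: `modified: '2024-12-10T19:20:27.097505Z'`. Separately, if GHSA-7x29-qqmq-v6qc describes this same compromise rather than a distinct issue, the OSV `aliases` field is the more precise link than `related`, which is meant for distinct but connected advisories; I cannot tell from the hunk which applies.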
@@ -8,28 +11,10 @@ details: |
   when instantiating YOLO models. This code was injected into the PyPI release
   artifacts and was not present in the public GitHub repository.
-modified: '2024-12-10T19:20:27.097505Z'
-related:
-- GHSA-7x29-qqmq-v6qc
-references:
-- type: EVIDENCE
-  url: https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
-- type: WEB
-  url: https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194
-- type: REPORT
-  url: https://github.com/ultralytics/ultralytics/issues/18027
-- type: FIX
-  url: https://github.com/ultralytics/ultralytics/pull/18052
-- type: FIX
-  url: https://github.com/ultralytics/ultralytics/pull/18111
-- type: FIX
-  url: https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
-- type: ARTICLE
-  url: https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
 affected:
 - package:
-    name: ultralytics
     ecosystem: PyPI
+    name: ultralytics
     purl: pkg:pypi/ultralytics
   ranges:
   - type: ECOSYSTEM
@@ -48,3 +33,18 @@ severity:
   score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
 - type: CVSS_V4
   score: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
+references:
+- type: EVIDENCE
+  url: https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
+- type: WEB
+  url: https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194
+- type: REPORT
+  url: https://github.com/ultralytics/ultralytics/issues/18027
+- type: FIX
+  url: https://github.com/ultralytics/ultralytics/pull/18052
+- type: FIX
+  url: https://github.com/ultralytics/ultralytics/pull/18111
+- type: FIX
+  url: https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
+- type: ARTICLE
+  url: https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection