From 4f4ac389633a0e3b5ff54218b5cce3fb3b4bc682 Mon Sep 17 00:00:00 2001
From: Willem Delbare
Date: Sun, 2 Feb 2025 22:54:50 +0100
Subject: [PATCH 1/4] add poorly annotated CVE
---
input/new.json | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/input/new.json b/input/new.json
index 87646b9..ca5209d 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,20 @@
 {
- "package_name": "",
+ "package_name": "mysql-connector-java",
 "patch_versions": [],
- "vulnerable_ranges": [],
+ "vulnerable_ranges": [
+ [
+ "0.0.1",
+ "8.0.33"
+ ]
+ ],
 "cwe": [],
- "tldr": "",
- "doest_this_affect_me": "",
- "how_to_fix": "",
- "vulnerable_to": "",
- "related_cve_id": "",
- "language": "",
- "severity_class": "",
- "aikido_score": 0,
- "changelog": ""
+ "tldr": "MySQL Connectors takeover vulnerability",
+ "doest_this_affect_me": "Attacker must have network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.",
+ "how_to_fix": "The namespace of this package has been changed on Maven to https://mvnrepository.com/artifact/com.mysql/mysql-connector-j. Upgrade to at least version 8.2.0 of this new package.",
+ "vulnerable_to": "Remote code execution",
+ "related_cve_id": " CVE-2023-22102",
+ "language": "JAVA",
+ "severity_class": "HIGH",
+ "aikido_score": 75,
+ "changelog": "https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES"
 }
From 46db7846b8e681c2d9c6991432d4901c1270472f Mon Sep 17 00:00:00 2001
From: willem-delbare <20814660+willem-delbare@users.noreply.github.com>
Date: Sun, 2 Feb 2025 22:56:50 +0100
Subject: [PATCH 2/4] Update input/new.json
---
input/new.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/input/new.json b/input/new.json
index ca5209d..db19a68 100644
--- a/input/new.json
+++ b/input/new.json
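Review bot: `patch_versions` is left `[]` even though `how_to_fix` names 8.2.0 of the relocated `com.mysql:mysql-connector-j` artifact as the fixed release, so an automated consumer of this record gets no machine-readable fix version; if no release under the old `mysql-connector-java` coordinates carries the fix, the record should say so rather than leave the upper bound `8.0.33` to imply that a later 8.0.x would be safe, and the record should state whether that bound is inclusive. `cwe` is also `[]` while `vulnerable_to` is filled in; either populate it or document that an empty list means "not yet classified". The same gaps are carried unchanged into the new `vulnerabilities/AIKIDO-2025-10066.json` created in patch 3. The `doest_this_affect_me` text reads as CVSS-vector boilerplate ("network access via multiple protocols", "human interaction"); a one-line statement of which deployments are actually exposed, taken from the upstream advisory, would serve the reader better than the vector paraphrase.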
@@ -12,7 +12,7 @@
 "doest_this_affect_me": "Attacker must have network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.",
 "how_to_fix": "The namespace of this package has been changed on Maven to https://mvnrepository.com/artifact/com.mysql/mysql-connector-j. Upgrade to at least version 8.2.0 of this new package.",
 "vulnerable_to": "Remote code execution",
- "related_cve_id": " CVE-2023-22102",
+ "related_cve_id": "CVE-2023-22102",
 "language": "JAVA",
 "severity_class": "HIGH",
 "aikido_score": 75,
From 1ce4f6070f7256eb5462690b2da35d5f599791d6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 3 Feb 2025 08:44:11 +0000
Subject: [PATCH 3/4] Move new vulnerability to vulnerabilities/AIKIDO-2025-10066.json and reset new.json template
---
input/new.json | 27 +++++++++++--------------
vulnerabilities/AIKIDO-2025-10066.json | 22 +++++++++++++++++++++
2 files changed, 33 insertions(+), 16 deletions(-)
create mode 100644 vulnerabilities/AIKIDO-2025-10066.json
diff --git a/input/new.json b/input/new.json
index db19a68..87646b9 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,20 +1,15 @@
 {
- "package_name": "mysql-connector-java",
+ "package_name": "",
 "patch_versions": [],
- "vulnerable_ranges": [
- [
- "0.0.1",
- "8.0.33"
- ]
- ],
+ "vulnerable_ranges": [],
 "cwe": [],
- "tldr": "MySQL Connectors takeover vulnerability",
- "doest_this_affect_me": "Attacker must have network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.",
- "how_to_fix": "The namespace of this package has been changed on Maven to https://mvnrepository.com/artifact/com.mysql/mysql-connector-j. Upgrade to at least version 8.2.0 of this new package.",
- "vulnerable_to": "Remote code execution",
- "related_cve_id": "CVE-2023-22102",
- "language": "JAVA",
- "severity_class": "HIGH",
- "aikido_score": 75,
- "changelog": "https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES"
+ "tldr": "",
+ "doest_this_affect_me": "",
+ "how_to_fix": "",
+ "vulnerable_to": "",
+ "related_cve_id": "",
+ "language": "",
+ "severity_class": "",
+ "aikido_score": 0,
+ "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10066.json b/vulnerabilities/AIKIDO-2025-10066.json
new file mode 100644
index 0000000..7b7cacd
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2025-10066.json
@@ -0,0 +1,22 @@
+{
+ "package_name": "mysql-connector-java",
+ "patch_versions": [],
+ "vulnerable_ranges": [
+ [
+ "0.0.1",
+ "8.0.33"
+ ]
+ ],
+ "cwe": [],
+ "tldr": "MySQL Connectors takeover vulnerability",
+ "doest_this_affect_me": "Attacker must have network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.",
+ "how_to_fix": "The namespace of this package has been changed on Maven to https://mvnrepository.com/artifact/com.mysql/mysql-connector-j. Upgrade to at least version 8.2.0 of this new package.",
+ "vulnerable_to": "Remote code execution",
+ "related_cve_id": "CVE-2023-22102",
+ "language": "JAVA",
+ "severity_class": "HIGH",
+ "aikido_score": 75,
+ "changelog": "https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES",
+ "last_modified": "2025-02-03",
+ "published": "2025-02-03"
+}
From b61dff8228b90dd7888868f540434548a1f5f320 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 3 Feb 2025 08:44:13 +0000
Subject: [PATCH 4/4] Move new vulnerability to vulnerabilities/AIKIDO-2025-10066.json and reset new.json template
---
vulnerabilities/AIKIDO-2025-10066.json | 27 +++++++++++--------------
1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/vulnerabilities/AIKIDO-2025-10066.json b/vulnerabilities/AIKIDO-2025-10066.json
index 7b7cacd..33843c3 100644
--- a/vulnerabilities/AIKIDO-2025-10066.json
+++ b/vulnerabilities/AIKIDO-2025-10066.json
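Review bot: The advisory's own identifier `AIKIDO-2025-10066` exists only in the file name; nothing inside the document carries it, so a consumer that receives the record body alone (a feed, an API response, a copy) cannot tell which advisory it is or cross-reference it. Adding an `"id": "AIKIDO-2025-10066"` field next to `related_cve_id` would make the record self-describing, and since one advisory can map to several CVEs a list-valued key would age better than the single string. The generated `published` and `last_modified` values are date-only, which is fine for an advisory record as long as every consumer treats them as UTC calendar dates rather than instants; if the workflow can emit a full RFC 3339 timestamp, that removes the ambiguity. The `patch_versions` and `cwe` gaps noted on patch 1 are carried into this file unchanged.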
@@ -1,22 +1,17 @@
 {
- "package_name": "mysql-connector-java",
+ "package_name": "",
 "patch_versions": [],
- "vulnerable_ranges": [
- [
- "0.0.1",
- "8.0.33"
- ]
- ],
+ "vulnerable_ranges": [],
 "cwe": [],
- "tldr": "MySQL Connectors takeover vulnerability",
- "doest_this_affect_me": "Attacker must have network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.",
- "how_to_fix": "The namespace of this package has been changed on Maven to https://mvnrepository.com/artifact/com.mysql/mysql-connector-j. Upgrade to at least version 8.2.0 of this new package.",
- "vulnerable_to": "Remote code execution",
- "related_cve_id": "CVE-2023-22102",
- "language": "JAVA",
- "severity_class": "HIGH",
- "aikido_score": 75,
- "changelog": "https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES",
+ "tldr": "",
+ "doest_this_affect_me": "",
+ "how_to_fix": "",
+ "vulnerable_to": "",
+ "related_cve_id": "",
+ "language": "",
+ "severity_class": "",
+ "aikido_score": 0,
+ "changelog": "",
 "last_modified": "2025-02-03",
 "published": "2025-02-03"
 }
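Review bot: The filled advisory `vulnerabilities/AIKIDO-2025-10066.json` that patch 3 created is overwritten here with the blank template: `package_name`, `vulnerable_ranges`, `tldr`, `how_to_fix`, `related_cve_id`, `severity_class` and `aikido_score` all revert to empty or zero, so after this series the published record for CVE-2023-22102 contains no data while its `published` date still claims it exists. The two bot commits are two seconds apart with an identical subject, which suggests the move workflow ran a second time and moved the already-reset `input/new.json` onto the same id; that is an inference from the timestamps, not visible in the diff itself. The workflow should exit before writing when `input/new.json` still matches the template (for example when `"package_name"` is `""`) and should refuse to overwrite an existing `vulnerabilities/<id>.json`, and this commit should be reverted so the filled record from patch 3 is restored. It is worth checking whether any downstream feed already ingested the emptied record.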