FriendsOfPHP · stof · Feb 7, 2024 · Dec 16, 2023 · Dec 18, 2023 · Dec 18, 2023
diff --git a/microsoft/microsoft-graph-core/CVE-2023-49283.yaml b/microsoft/microsoft-graph-core/CVE-2023-49283.yaml
@@ -0,0 +1,8 @@
+title: 'Test code in published microsoft-graph-core package exposes phpinfo()'
+link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-49283'
+cve: CVE-2023-49283
+branches:
+    2.x:
+        time: 2023-11-30 12:40:00
+        versions: ['<2.0.2']
+reference: 'composer://microsoft/microsoft-graph-core'
diff --git a/microsoft/microsoft-graph/CVE-2023-49282.yaml b/microsoft/microsoft-graph/CVE-2023-49282.yaml
@@ -0,0 +1,11 @@
+title: 'Test code in published microsoft-graph package exposes phpinfo()'
+link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-49282'
+cve: CVE-2023-49282
+branches:
+    1.x:
+        time: 2023-11-30 12:40:00
+        versions: ['>=1.16.0', '<1.109.1']
+    2.x:
+        time: 2023-11-30 12:40:00
+        versions: ['>=2.0.0', '<2.0.1']
+reference: 'composer://microsoft/microsoft-graph'