From ae07e1825a0b29e4f0793f0217a90dcb94f67b99 Mon Sep 17 00:00:00 2001
From: Sumit Kumar
Date: Tue, 13 Apr 2021 13:34:32 +0530
Subject: [PATCH] Create CVE-2021-30130.yaml phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. References https://nvd.nist.gov/vuln/detail/CVE-2021-30130 phpseclib/phpseclib#1635 https://github.com/phpseclib/phpseclib/releases/tag/2.0.31 https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
---
phpseclib/phpseclib/CVE-2021-30130.yaml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 phpseclib/phpseclib/CVE-2021-30130.yaml
diff --git a/phpseclib/phpseclib/CVE-2021-30130.yaml b/phpseclib/phpseclib/CVE-2021-30130.yaml
new file mode 100644
index 000000000..b3bef07be
--- /dev/null
+++ b/phpseclib/phpseclib/CVE-2021-30130.yaml
@@ -0,0 +1,11 @@
+title: Improper Certificate Validation in phpseclib
+link: https://github.com/phpseclib/phpseclib/pull/1635
+cve: CVE-2021-30130
+branches:
+ "2.0":
+ time: 2021-04-06 13:43:13
+ versions: ['<2.0.31']
+ "3.0":
+ time: 2021-04-06 14:00:11
+ versions: ['>= 3.0.0', '< 3.0.7']
+reference: composer://phpseclib/phpseclib
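Review bot: The `title` on the first added line calls this "Improper Certificate Validation", while the commit description says the flaw is mishandled RSA PKCS#1 v1.5 signature verification, so a team that verifies RSA signatures outside X.509 handling could read the advisory as not applicable to them. A title such as `title: Improper RSA PKCS#1 v1.5 signature verification in phpseclib` would match the description. The "2.0" branch constraint `['<2.0.31']` has no lower bound and is spaced differently from the 3.0 entry. That matches "before 2.0.31" in the description, but it is worth confirming that releases below 2.0.0 are meant to be flagged and have no fixed release of their own. Depending on the answer, write it as `['< 2.0.31']` or `['>= 2.0.0', '< 2.0.31']` so both branches read the same way.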