CVE-2019-6986

Author: kevinbackhouse

vivo-project/README.md vivo-project/CVE-2019-6986/README.mdvivo-project/README.md renamed to vivo-project/CVE-2019-6986/README.md

@@ -1,6 +1,6 @@
-# SPARQL Injection in VIVO
+# SPARQL Injection in VIVO (CVE-2019-6986)
 
-This directory contains a proof-of-concept exploit for a SPARQL injection vulnerability in [VIVO](https://duraspace.org/vivo/). The exploit targets [this line of code](https://lgtm.com/projects/g/vivo-project/Vitro/latest/files/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/IndividualSDB.java?sort=name&dir=ASC&mode=heatmap#L155). It triggers a denial of service by generating a query containing a [ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).
+This directory contains a proof-of-concept exploit for a SPARQL injection vulnerability in [VIVO](https://duraspace.org/vivo/). This vulnerability has been assigned [CVE-2019-6986](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6986). The exploit targets [this line of code](https://github.com/vivo-project/Vitro/blob/6e717446b4a1b3da0fcf0130f3d0cfd1ce8b75ed/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/IndividualSDB.java#L155). It triggers a denial of service by generating a query containing a [ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).
 
 ## Network setup