
skf-labs's Introduction

Introduction

security knowledge framework

Here you find all the labs and write-ups for the Security Knowledge Framework!
These labs are correlated to knowledge-base IDs, which in turn are correlated
to security controls such as those from the ASVS or NIST.

The labs are all downloadable from the following Github repository:

{% hint style="info" %} SKF Labs repo {% endhint %}

The images can also be found on the SKF Docker Hub. These skf-labs images are automatically pushed to the Docker registry on each commit to the GitHub repository.

Useful tools

The first thing we need to do is to be able to inspect the requests made by the labs/applications. We do this by setting up an intercepting proxy so we can gain a better understanding of the application under test.

{% hint style="info" %} Burp suite:
https://portswigger.net/burp/communitydownload {% endhint %}

{% hint style="info" %} ZAP: For the latest features we advise using the weekly build of ZAP, which includes the latest improvements and libraries: https://www.zaproxy.org/download/#weekly {% endhint %}

How to add a Lab & write-up

When you want to contribute and add your own labs, please make sure you use the styling template from one of the existing lab challenges. We think it is really important to have one look and feel, and in order for your lab to be merged it is required to use the SKF template. You can copy this from any of the labs we currently have.

For adding the write-up for the lab we advise creating a copy of an existing write-up and working from there, or using the template.md file as a base. You can store all your images in .gitbook/assets/, and make sure you correlate your lab to one of the knowledge base item identifiers in SKF. When you have completed the lab and the write-up, you only have to add it to the SUMMARY.md file and you are ready to create your Pull Request.

After the pull request you can find your nicely styled write-up here: https://skf.gitbook.io/asvs-write-ups/

Deploying SKF Lab's from your terminal

You can now deploy skf-labs from your terminal with joyghoshs/skf-cli. You don't need to set up a server if you don't want to: with skf-cli you can deploy a lab using the Security Knowledge Framework's own API. You can also search for and deploy labs using skf-cli.

skf-labs's People

Contributors

blabla1337, riiecco, giuliocomi, shayubit, sharonkoch, albertocoding, tdimbs, asurwade, david3107, brunocortesrodrigues, tsluyter, thesebas, 4390c336, rudytruyens, ran-dall, ctxhamza, mend-for-github-com[bot], abhiabhi2306, jigsjst, joyghoshs, karim-ouerghemmi-sonarsource, lmol, mrx465, rolfvreijdenberger, anon-exploiter, python-semicolon

Forkers

keremgeva

skf-labs's Issues

Flask-1.0-py2.py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - Flask-1.0-py2.py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/55/b1/4365193655df97227ace49311365cc296e74b60c7f5c63d23cd30175e2f6/Flask-1.0-py2.py3-none-any.whl

Path to dependency file: /python/CSRF-SameSite/requirements.txt

Path to vulnerable library: /python/CSRF-SameSite/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Flask version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-30861 | High | 7.5 | Flask-1.0-py2.py3-none-any.whl | Direct | flask - 2.2.5,2.3.2 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-30861

Dependency Hierarchy:

  • Flask-1.0-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

  1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
  2. The application sets session.permanent = True.
  3. The application does not access or modify the session at any point during a request.
  4. SESSION_REFRESH_EACH_REQUEST enabled (the default).
  5. The application does not set a Cache-Control header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the Vary: Cookie header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.

Publish Date: 2023-05-02

URL: CVE-2023-30861

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-30861

Release Date: 2023-05-02

Fix Resolution: flask - 2.2.5,2.3.2

⛑️ Automatic Remediation will be attempted for this issue.


nodemon-2.0.15.tgz: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - nodemon-2.0.15.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (nodemon version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-25883 | Medium | 5.3 | semver-7.3.8.tgz | Transitive | 3.0.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-25883

Vulnerable Library - semver-7.3.8.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-7.3.8.tgz

Path to dependency file: /nodeJs/Graphql-Injection/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Dependency Hierarchy:

  • nodemon-2.0.15.tgz (Root Library)
    • update-notifier-5.1.0.tgz
      • semver-7.3.8.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Publish Date: 2023-06-21

URL: CVE-2022-25883

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: GHSA-c2qf-rxjj-qqgw

Release Date: 2023-06-21

Fix Resolution (semver): 7.5.2

Direct dependency fix Resolution (nodemon): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.


bootstrap-3.2.0.min.js: 6 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.2.0.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.min.js

Path to dependency file: /lab-template/evil.html

Path to vulnerable library: /java/ssti/src/main/resources/static/js/bootstrap.min.js,/python/CSTI/static/js/bootstrap.min.js,/python/SSTI/static/js/bootstrap.min.js,/lab-template/static/js/bootstrap.min.js,/java/cmd-blind/src/main/resources/static/js/bootstrap.min.js,/python/Auth-bypass/static/js/bootstrap.min.js,/java/ssti/src/main/resources/static/old/js/bootstrap.min.js,/python/RFI/static/js/bootstrap.min.js,/java/auth-bypass2/src/main/resources/static/js/bootstrap.min.js,/java/rtlo/src/main/resources/static/js/bootstrap.min.js,/java/credentials-guessing2/src/main/resources/static/js/bootstrap.min.js,/java/cmd4/src/main/resources/static/js/bootstrap.min.js,/java/sqli-like/src/main/resources/static/js/bootstrap.min.js,/python/NoSQL/static/js/bootstrap.min.js,/python/graphql-IDOR/static/js/bootstrap.min.js,/python/Unreferenced-files/static/js/bootstrap.min.js,/java/ssrf/src/main/resources/static/js/bootstrap.min.js,/python/Ldap-injection/static/js/bootstrap.min.js,/python/CMD/static/js/bootstrap.min.js,/python/XXE/static/js/bootstrap.min.js,/java/csrf-samesite/src/main/resources/static/js/bootstrap.min.js,/java/racecondition/src/main/resources/static/js/bootstrap.min.js,/java/cors/src/main/resources/static/js/bootstrap.min.js,/python/CMD-Blind/static/js/bootstrap.min.js,/python/user-registration-process/static/js/bootstrap.min.js,/python/DES-Pickle/static/js/bootstrap.min.js,/java/idor/src/main/resources/static/js/bootstrap.min.js,/java/csp/src/main/resources/static/js/bootstrap.min.js,/python/credentials-guessing-2/static/js/bootstrap.min.js,/python/DES-Pickle-2/static/js/bootstrap.min.js,/python/SQLI-login-bypass/static/js/bootstrap.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/bootstrap.min.js,/java/url-redirection-harder2/src/main/resources/static/js/bootstrap.min.js,/java/graphql-info-introspection/src/main/resources/static/js/bootstrap.min.js,/python/SQLI-like/static/js/bootstrap.min.js,/java/ratelimiting/src/main/resources/static/js/bootstrap.min.js,/java/racecondition-file-write/src/main/resources/static/js/bootstrap.min.js,/python/graphql-mutation/static/js/bootstrap.min.js,/python/Auth-bypass-2/static/js/bootstrap.min.js,/python/graphql-dos-resource-exhaustion/static/js/bootstrap.min.js,/java/graphql-idor/src/main/resources/static/js/bootstrap.min.js,/java/csrf-weak/src/main/resources/static/js/bootstrap.min.js,/python/info-leakeage-metadata/static/js/bootstrap.min.js,/python/CSRF-weak/static/js/bootstrap.min.js,/python/SQLI-blind/static/js/bootstrap.min.js,/python/XSS-DOM/static/js/bootstrap.min.js,/python/Attack-Server/static/js/bootstrap.min.js,/java/untrusted-sources/src/main/resources/static/js/bootstrap.min.js,/python/Formula-injection/static/js/bootstrap.min.js,/python/JWT-secret/static/js/bootstrap.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/bootstrap.min.js,/java/info-leakage-metadata/src/main/resources/static/js/bootstrap.min.js,/java/xss-stored/src/main/resources/static/js/bootstrap.min.js,/python/info-leakeage-comments/static/js/bootstrap.min.js,/python/IDOR/static/js/bootstrap.min.js,/python/CMD2/static/js/bootstrap.min.js,/java/auth-bypass3/src/main/resources/static/js/bootstrap.min.js,/python/client-side-restriction-bypass-2/static/js/bootstrap.min.js,/java/lfi2/src/main/resources/static/js/bootstrap.min.js,/java/auth-bypass1/src/main/resources/static/js/bootstrap.min.js,/java/session-hijacking-xss/src/main/resources/static/js/bootstrap.min.js,/python/Threat-modeling/static/js/bootstrap.min.js,/java/cssi/src/main/resources/static/js/bootstrap.min.js,/java/sqli/src/main/resources/static/js/bootstrap.min.js,/python/CMD3/static/js/bootstrap.min.js,/python/Auth-bypass-3/static/js/bootstrap.min.js,/python/XSS-url/static/js/bootstrap.min.js,/python/JWT-null/static/js/bootstrap.min.js,/java/xss-dom2/src/main/resources/static/js/bootstrap.min.js,/python/Auth-bypass-simple/static/js/bootstrap.min.js,/python/XSS-attribute/static/js/bootstrap.min.js,/java/graphql-mutation/src/main/resources/static/js/bootstrap.min.js,/python/HTML-injection/static/js/bootstrap.min.js,/python/Host-Header-Authentication-Bypass/static/js/bootstrap.min.js,/python/WebSocket-Message-Manipulation/static/js/bootstrap.min.js,/python/RaceCondition-file-write/static/js/bootstrap.min.js,/python/client-side-restriction-bypass/static/js/bootstrap.min.js,/java/csti/src/main/resources/static/js/bootstrap.min.js,/python/DoS-regex/static/js/bootstrap.min.js,/java/cmd/src/main/resources/static/js/bootstrap.min.js,/python/LFI-3/static/js/bootstrap.min.js,/c/32_bufferOverflow/static/js/bootstrap.min.js,/java/sqli-blind/src/main/resources/static/js/bootstrap.min.js,/nodeJs/Graphql-IDOR/static/js/bootstrap.min.js,/python/graphql-info-introspection/static/js/bootstrap.min.js,/java/dos-regex/src/main/resources/static/js/bootstrap.min.js,/python/SessionPuzzle/static/js/bootstrap.min.js,/java/graphql-injections/src/main/resources/static/js/bootstrap.min.js,/python/Content-type/static/js/bootstrap.min.js,/python/account-provisioning-process/static/js/bootstrap.min.js,/java/xxe/src/main/resources/static/js/bootstrap.min.js,/lab-template/static/js/bootstrap.min.js,/java/file-upload/src/main/resources/static/js/bootstrap.min.js,/python/Url-redirection-harder/static/js/bootstrap.min.js,/python/Untrusted-sources-js/static/js/bootstrap.min.js,/python/credentials-guessing-1/static/js/bootstrap.min.js,/java/csrf/src/main/resources/static/js/bootstrap.min.js,/java/cmd2/src/main/resources/static/js/bootstrap.min.js,/java/content-type/src/main/resources/static/js/bootstrap.min.js,/python/http-response-splitting/static/js/bootstrap.min.js,/python/weak-or-unenforced-username-policy/static/js/bootstrap.min.js,/java/jwt-null/src/main/resources/static/js/bootstrap.min.js,/python/XSS/static/js/bootstrap.min.js,/java/formula-injection/src/main/resources/static/js/bootstrap.min.js,/java/info-leakage-comments/src/main/resources/static/js/bootstrap.min.js,/python/Url-redirection/static/js/bootstrap.min.js,/java/ldap-injection-harder/src/main/resources/static/js/bootstrap.min.js,/python/CSRF/static/js/bootstrap.min.js,/java/ldap-injection/src/main/resources/static/js/bootstrap.min.js,/java/des-java/src/main/resources/static/js/bootstrap.min.js,/python/CSP/static/js/bootstrap.min.js,/c/32_bufferOverflow/static/js/bootstrap.min.js,/java/jwt-secret/src/main/resources/static/js/bootstrap.min.js,/python/CSSI/static/js/bootstrap.min.js,/python/SQLI/static/js/bootstrap.min.js,/java/xss-dom/src/main/resources/static/js/bootstrap.min.js,/python/Session-Management-1/static/js/bootstrap.min.js,/java/xss-url/src/main/resources/static/js/bootstrap.min.js,/python/CMD4/static/js/bootstrap.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/bootstrap.min.js,/python/DNS-rebinding/static/js/bootstrap.min.js,/python/Auth-bypass-1/static/js/bootstrap.min.js,/python/LFI-2/static/js/bootstrap.min.js,/python/graphql-injections/static/js/bootstrap.min.js,/python/XSS-DOM-2/static/js/bootstrap.min.js,/python/Ldap-injection-harder/static/js/bootstrap.min.js,/java/parameter-binding/src/main/resources/static/js/bootstrap.min.js,/python/Session-Management-2/static/js/bootstrap.min.js,/python/RaceCondition/static/js/bootstrap.min.js,/java/credentials-guessing1/src/main/resources/static/js/bootstrap.min.js,/java/cmd3/src/main/resources/static/js/bootstrap.min.js,/python/File-upload/static/js/bootstrap.min.js,/java/des-yaml/src/main/resources/static/js/bootstrap.min.js,/java/lfi3/src/main/resources/static/js/bootstrap.min.js,/python/CORS/static/js/bootstrap.min.js,/python/ratelimiting/static/js/bootstrap.min.js,/python/TLS-downgrade/static/js/bootstrap.min.js,/python/RTLO/static/js/bootstrap.min.js,/nodeJs/Graphql-DOS/static/js/bootstrap.min.js,/python/Url-redirection-harder2/static/js/bootstrap.min.js,/java/url-redirection/src/main/resources/static/js/bootstrap.min.js,/java/rfi/src/main/resources/static/js/bootstrap.min.js,/java/xss/src/main/resources/static/js/bootstrap.min.js,/python/session-hijacking-xss/static/js/bootstrap.min.js,/python/DES-Yaml/static/js/bootstrap.min.js,/java/url-redirection-harder/src/main/resources/static/js/bootstrap.min.js,/python/SSRF/static/js/bootstrap.min.js,/python/weak-lock-out-mechanism/static/js/bootstrap.min.js,/python/CSRF-SameSite/static/js/bootstrap.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/bootstrap.min.js,/java/auth-bypass-simple/src/main/resources/static/js/bootstrap.min.js,/python/X-allow-origin/static/js/bootstrap.min.js,/java/lfi/src/main/resources/static/js/bootstrap.min.js,/python/Web-cache-poisoning/static/js/bootstrap.min.js,/java/http-response-splitting/src/main/resources/static/js/bootstrap.min.js,/java/sessionpuzzle/src/main/resources/static/js/bootstrap.min.js,/python/LFI/static/js/bootstrap.min.js

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2019-8331 | Medium | 6.1 | bootstrap-3.2.0.min.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | |
| CVE-2018-20677 | Medium | 6.1 | bootstrap-3.2.0.min.js | Direct | Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | |
| CVE-2018-20676 | Medium | 6.1 | bootstrap-3.2.0.min.js | Direct | bootstrap - 3.4.0 | |
| CVE-2018-14042 | Medium | 6.1 | bootstrap-3.2.0.min.js | Direct | bootstrap - 3.4.0,4.1.2 | |
| CVE-2016-10735 | Medium | 6.1 | bootstrap-3.2.0.min.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | |
| CVE-2018-14040 | Low | 3.7 | bootstrap-3.2.0.min.js | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (4 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2019-8331

Dependency Hierarchy:

  • bootstrap-3.2.0.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

CVE-2018-20677

atic/js/bootstrap.min.js,/java/ldap-injection-harder/src/main/resources/static/js/bootstrap.min.js,/python/CSRF/static/js/bootstrap.min.js,/java/ldap-injection/src/main/resources/static/js/bootstrap.min.js,/java/des-java/src/main/resources/static/js/bootstrap.min.js,/python/CSP/static/js/bootstrap.min.js,/c/32_bufferOverflow/static/js/bootstrap.min.js,/java/jwt-secret/src/main/resources/static/js/bootstrap.min.js,/python/CSSI/static/js/bootstrap.min.js,/python/SQLI/static/js/bootstrap.min.js,/java/xss-dom/src/main/resources/static/js/bootstrap.min.js,/python/Session-Management-1/static/js/bootstrap.min.js,/java/xss-url/src/main/resources/static/js/bootstrap.min.js,/python/CMD4/static/js/bootstrap.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/bootstrap.min.js,/python/DNS-rebinding/static/js/bootstrap.min.js,/python/Auth-bypass-1/static/js/bootstrap.min.js,/python/LFI-2/static/js/bootstrap.min.js,/python/graphql-injections/static/js/bootstrap.min.js,/python/XSS-DOM-2/static/js/bootstrap.min.js,/python/Ldap-injection-harder/static/js/bootstrap.min.js,/java/parameter-binding/src/main/resources/static/js/bootstrap.min.js,/python/Session-Management-2/static/js/bootstrap.min.js,/python/RaceCondition/static/js/bootstrap.min.js,/java/credentials-guessing1/src/main/resources/static/js/bootstrap.min.js,/java/cmd3/src/main/resources/static/js/bootstrap.min.js,/python/File-upload/static/js/bootstrap.min.js,/java/des-yaml/src/main/resources/static/js/bootstrap.min.js,/java/lfi3/src/main/resources/static/js/bootstrap.min.js,/python/CORS/static/js/bootstrap.min.js,/python/ratelimiting/static/js/bootstrap.min.js,/python/TLS-downgrade/static/js/bootstrap.min.js,/python/RTLO/static/js/bootstrap.min.js,/nodeJs/Graphql-DOS/static/js/bootstrap.min.js,/python/Url-redirection-harder2/static/js/bootstrap.min.js,/java/url-redirection/src/main/resources/static/js/bootstrap.min.js,/java/rfi/src/main/resources/static/js/bootstrap.min.js,/java/xss/src/main/resources/static/js/bootstra
p.min.js,/python/session-hijacking-xss/static/js/bootstrap.min.js,/python/DES-Yaml/static/js/bootstrap.min.js,/java/url-redirection-harder/src/main/resources/static/js/bootstrap.min.js,/python/SSRF/static/js/bootstrap.min.js,/python/weak-lock-out-mechanism/static/js/bootstrap.min.js,/python/CSRF-SameSite/static/js/bootstrap.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/bootstrap.min.js,/java/auth-bypass-simple/src/main/resources/static/js/bootstrap.min.js,/python/X-allow-origin/static/js/bootstrap.min.js,/java/lfi/src/main/resources/static/js/bootstrap.min.js,/python/Web-cache-poisoning/static/js/bootstrap.min.js,/java/http-response-splitting/src/main/resources/static/js/bootstrap.min.js,/java/sessionpuzzle/src/main/resources/static/js/bootstrap.min.js,/python/LFI/static/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.2.0.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

CVE-2018-20676

Vulnerable Library - bootstrap-3.2.0.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.min.js

Path to dependency file: /lab-template/evil.html

Path to vulnerable library: same list of bootstrap.min.js paths as under CVE-2018-20677 above

Dependency Hierarchy:

  • bootstrap-3.2.0.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0

CVE-2018-14042

Vulnerable Library - bootstrap-3.2.0.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.min.js

Path to dependency file: /lab-template/evil.html

Path to vulnerable library: same list of bootstrap.min.js paths as under CVE-2018-20677 above

Dependency Hierarchy:

  • bootstrap-3.2.0.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: bootstrap - 3.4.0,4.1.2

nodemon-2.0.22.tgz: 1 vulnerability (highest severity is: 5.3)

Vulnerable Library - nodemon-2.0.22.tgz

Path to dependency file: /nodeJs/CSRF/package.json

Path to vulnerable library: /nodeJs/CSRF/node_modules/simple-update-notifier/node_modules/semver/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency        Type        Fixed in (nodemon version)  Remediation Possible**
CVE-2022-25883  Medium    5.3   semver-7.0.0.tgz  Transitive  3.0.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-25883

Vulnerable Library - semver-7.0.0.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-7.0.0.tgz

Path to dependency file: /nodeJs/CSRF/package.json

Path to vulnerable library: /nodeJs/CSRF/node_modules/simple-update-notifier/node_modules/semver/package.json

Dependency Hierarchy:

  • nodemon-2.0.22.tgz (Root Library)
    • simple-update-notifier-1.1.0.tgz
      • semver-7.0.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Publish Date: 2023-06-21

URL: CVE-2022-25883

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: GHSA-c2qf-rxjj-qqgw

Release Date: 2023-06-21

Fix Resolution (semver): 7.5.2

Direct dependency fix Resolution (nodemon): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

Werkzeug-2.2.3-py3-none-any.whl: 2 vulnerabilities (highest severity is: 8.0)

Vulnerable Library - Werkzeug-2.2.3-py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl

Path to dependency file: /python/graphql-IDOR/requirements.txt

Path to vulnerable library: /python/graphql-IDOR/requirements.txt,/python/NoSQL/requirements.txt,/python/graphql-injections/requirements.txt,/python/graphql-info-introspection/requirements.txt,/python/CMD-Blind/requirements.txt,/python/http-response-splitting/requirements.txt,/python/graphql-mutation/requirements.txt,/python/graphql-dos-resource-exhaustion/requirements.txt,/python/TLS-downgrade/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/CMD4/requirements.txt,/python/client-side-restriction-bypass-2/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                       Type    Fixed in (Werkzeug version)  Remediation Possible**
CVE-2023-46136  High      8.0   Werkzeug-2.2.3-py3-none-any.whl  Direct  2.3.8
CVE-2024-34069  High      7.5   Werkzeug-2.2.3-py3-none-any.whl  Direct  3.0.3

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-46136

Vulnerable Library - Werkzeug-2.2.3-py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl

Path to dependency file: /python/graphql-IDOR/requirements.txt

Path to vulnerable library: /python/graphql-IDOR/requirements.txt,/python/NoSQL/requirements.txt,/python/graphql-injections/requirements.txt,/python/graphql-info-introspection/requirements.txt,/python/CMD-Blind/requirements.txt,/python/http-response-splitting/requirements.txt,/python/graphql-mutation/requirements.txt,/python/graphql-dos-resource-exhaustion/requirements.txt,/python/TLS-downgrade/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/CMD4/requirements.txt,/python/client-side-restriction-bypass-2/requirements.txt

Dependency Hierarchy:

  • Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

Publish Date: 2023-10-24

URL: CVE-2023-46136

CVSS 3 Score Details (8.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-hrfv-mqp8-q5rw

Release Date: 2023-10-24

Fix Resolution: 2.3.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-34069

Vulnerable Library - Werkzeug-2.2.3-py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl

Path to dependency file: /python/graphql-IDOR/requirements.txt

Path to vulnerable library: /python/graphql-IDOR/requirements.txt,/python/NoSQL/requirements.txt,/python/graphql-injections/requirements.txt,/python/graphql-info-introspection/requirements.txt,/python/CMD-Blind/requirements.txt,/python/http-response-splitting/requirements.txt,/python/graphql-mutation/requirements.txt,/python/graphql-dos-resource-exhaustion/requirements.txt,/python/TLS-downgrade/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/CMD4/requirements.txt,/python/client-side-restriction-bypass-2/requirements.txt

Dependency Hierarchy:

  • Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Publish Date: 2024-05-06

URL: CVE-2024-34069

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-2g68-c3qc-8985

Release Date: 2024-05-06

Fix Resolution: 3.0.3

⛑️ Automatic Remediation will be attempted for this issue.

Chart-1.0.1-beta.4.min.js: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - Chart-1.0.1-beta.4.min.js

Simple HTML5 charts using the canvas element.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/Chart.js/1.0.1-beta.4/Chart.min.js

Path to vulnerable library: /python/XSS-url/static/js/chart.min.js,/python/SQLI-like/static/js/chart.min.js,/python/CSP/static/js/chart.min.js,/python/NoSQL/static/js/chart.min.js,/python/CSRF-SameSite/static/js/chart.min.js,/python/CMD/static/js/chart.min.js,/java/jwt-null/src/main/resources/static/js/chart.min.js,/python/CMD2/static/js/chart.min.js,/java/url-redirection-harder2/src/main/resources/static/js/chart.min.js,/python/XSS-DOM/static/js/chart.min.js,/python/graphql-injections/static/js/chart.min.js,/python/Content-type/static/js/chart.min.js,/java/auth-bypass2/src/main/resources/static/js/chart.min.js,/python/JWT-secret/static/js/chart.min.js,/python/http-response-splitting/static/js/chart.min.js,/python/graphql-IDOR/static/js/chart.min.js,/python/Url-redirection/static/js/chart.min.js,/java/ldap-injection/src/main/resources/static/js/chart.min.js,/python/RTLO/static/js/chart.min.js,/python/DES-Pickle/static/js/chart.min.js,/python/DoS-regex/static/js/chart.min.js,/python/DES-Pickle-2/static/js/chart.min.js,/java/cssi/src/main/resources/static/js/chart.min.js,/python/JWT-null/static/js/chart.min.js,/python/user-registration-process/static/js/chart.min.js,/python/Url-redirection-harder/static/js/chart.min.js,/python/client-side-restriction-bypass-2/static/js/chart.min.js,/java/xss/src/main/resources/static/js/chart.min.js,/java/racecondition/src/main/resources/static/js/chart.min.js,/java/content-type/src/main/resources/static/js/chart.min.js,/python/DNS-rebinding/static/js/chart.min.js,/java/csrf-weak/src/main/resources/static/js/chart.min.js,/java/info-leakage-comments/src/main/resources/static/js/chart.min.js,/python/DES-Yaml/static/js/chart.min.js,/python/RFI/static/js/chart.min.js,/python/Web-cache-poisoning/static/js/chart.min.js,/java/lfi3/src/main/resources/static/js/chart.min.js,/python/SQLI-blind/static/js/chart.min.js,/java/graphql-injections/src/main/resources/static/js/chart.min.js,/python/IDOR/static/js/chart.min.js,/python/info-leakeage-metadata/static/js/chart.min.js,/python/CSRF-weak/static/js/chart.min.js,/lab-template/static/js/chart.min.js,/python/ratelimiting/static/js/chart.min.js,/java/lfi2/src/main/resources/static/js/chart.min.js,/python/LFI-3/static/js/chart.min.js,/python/graphql-info-introspection/static/js/chart.min.js,/python/SQLI-login-bypass/static/js/chart.min.js,/python/Formula-injection/static/js/chart.min.js,/java/credentials-guessing2/src/main/resources/static/js/chart.min.js,/c/32_bufferOverflow/static/js/chart.min.js,/python/session-hijacking-xss/static/js/chart.min.js,/python/Auth-bypass/static/js/chart.min.js,/java/sqli-like/src/main/resources/static/js/chart.min.js,/java/rtlo/src/main/resources/static/js/chart.min.js,/java/ssrf/src/main/resources/static/js/chart.min.js,/java/xss-dom2/src/main/resources/static/js/chart.min.js,/python/SessionPuzzle/static/js/chart.min.js,/python/RaceCondition-file-write/static/js/chart.min.js,/java/formula-injection/src/main/resources/static/js/chart.min.js,/java/cmd2/src/main/resources/static/js/chart.min.js,/python/SSRF/static/js/chart.min.js,/python/Host-Header-Authentication-Bypass/static/js/chart.min.js,/python/credentials-guessing-1/static/js/chart.min.js,/python/Session-Management-1/static/js/chart.min.js,/python/CMD4/static/js/chart.min.js,/python/XSS/static/js/chart.min.js,/java/ratelimiting/src/main/resources/static/js/chart.min.js,/java/ssti/src/main/resources/static/js/chart.min.js,/java/ldap-injection-harder/src/main/resources/static/js/chart.min.js,/java/graphql-info-introspection/src/main/resources/static/js/chart.min.js,/python/TLS-downgrade/static/js/chart.min.js,/java/cmd-blind/src/main/resources/static/js/chart.min.js,/java/sqli-blind/src/main/resources/static/js/chart.min.js,/python/CMD-Blind/static/js/chart.min.js,/python/Auth-bypass-3/static/js/chart.min.js,/python/CSSI/static/js/chart.min.js,/java/rfi/src/main/resources/static/js/chart.min.js,/java/cmd/src/main/resources/static/js/chart.min.js,/python/SQLI/static/js/chart.min.js,/nodeJs/Graphql-DOS/static/js/chart.min.js,/java/session-hijacking-xss/src/main/resources/static/js/chart.min.js,/java/xxe/src/main/resources/static/js/chart.min.js,/java/http-response-splitting/src/main/resources/static/js/chart.min.js,/java/dos-regex/src/main/resources/static/js/chart.min.js,/java/sessionpuzzle/src/main/resources/static/js/chart.min.js,/python/client-side-restriction-bypass/static/js/chart.min.js,/java/csp/src/main/resources/static/js/chart.min.js,/java/xss-stored/src/main/resources/static/js/chart.min.js,/python/CMD3/static/js/chart.min.js,/java/des-java/src/main/resources/static/js/chart.min.js,/java/credentials-guessing1/src/main/resources/static/js/chart.min.js,/java/untrusted-sources/src/main/resources/static/js/chart.min.js,/python/account-provisioning-process/static/js/chart.min.js,/java/jwt-secret/src/main/resources/static/js/chart.min.js,/python/CORS/static/js/chart.min.js,/java/parameter-binding/src/main/resources/static/js/chart.min.js,/python/Attack-Server/static/js/chart.min.js,/java/lfi/src/main/resources/static/js/chart.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/chart.min.js,/python/SSTI/static/js/chart.min.js,/java/idor/src/main/resources/static/js/chart.min.js,/python/Untrusted-sources-js/static/js/chart.min.js,/python/X-allow-origin/static/js/chart.min.js,/python/info-leakeage-comments/static/js/chart.min.js,/java/file-upload/src/main/resources/static/js/chart.min.js,/java/cmd4/src/main/resources/static/js/chart.min.js,/python/XXE/static/js/chart.min.js,/python/XSS-DOM-2/static/js/chart.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/chart.min.js,/java/graphql-mutation/src/main/resources/static/js/chart.min.js,/python/Auth-bypass-1/static/js/chart.min.js,/python/XSS-attribute/static/js/chart.min.js,/python/Unreferenced-files/static/js/chart.min.js,/python/Auth-bypass-simple/static/js/chart.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/chart.min.js,/python/RaceCondition/static/js/chart.min.js,/java/sqli/src/main/resources/static/js/chart.min.js,/python/HTML-injection/static/js/chart.min.js,/java/auth-bypass-simple/src/main/resources/static/js/chart.min.js,/python/Ldap-injection-harder/static/js/chart.min.js,/python/File-upload/static/js/chart.min.js,/java/url-redirection-harder/src/main/resources/static/js/chart.min.js,/python/Url-redirection-harder2/static/js/chart.min.js,/java/ssti/src/main/resources/static/old/js/chart.min.js,/java/info-leakage-metadata/src/main/resources/static/js/chart.min.js,/java/csti/src/main/resources/static/js/chart.min.js,/python/Auth-bypass-2/static/js/chart.min.js,/java/csrf-samesite/src/main/resources/static/js/chart.min.js,/java/csrf/src/main/resources/static/js/chart.min.js,/java/auth-bypass1/src/main/resources/static/js/chart.min.js,/python/CSRF/static/js/chart.min.js,/python/Threat-modeling/static/js/chart.min.js,/nodeJs/Graphql-IDOR/static/js/chart.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/chart.min.js,/python/LFI/static/js/chart.min.js,/java/cmd3/src/main/resources/static/js/chart.min.js,/python/graphql-mutation/static/js/chart.min.js,/python/WebSocket-Message-Manipulation/static/js/chart.min.js,/java/xss-dom/src/main/resources/static/js/chart.min.js,/java/cors/src/main/resources/static/js/chart.min.js,/python/Session-Management-2/static/js/chart.min.js,/python/credentials-guessing-2/static/js/chart.min.js,/python/graphql-dos-resource-exhaustion/static/js/chart.min.js,/python/weak-or-unenforced-username-policy/static/js/chart.min.js,/java/xss-url/src/main/resources/static/js/chart.min.js,/java/auth-bypass3/src/main/resources/static/js/chart.min.js,/python/Ldap-injection/static/js/chart.min.js,/java/des-yaml/src/main/resources/static/js/chart.min.js,/java/url-redirection/src/main/resources/static/js/chart.min.js,/python/CSTI/static/js/chart.min.js,/java/racecondition-file-write/src/main/resources/static/js/chart.min.js,/python/weak-lock-out-mechanism/static/js/chart.min.js,/python/LFI-2/static/js/chart.min.js,/java/graphql-idor/src/main/resources/static/js/chart.min.js

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Chart version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2020-7746 | High | 7.5 | Chart-1.0.1-beta.4.min.js | Direct | chart.js - 2.9.4 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-7746

Vulnerable Library - Chart-1.0.1-beta.4.min.js

Simple HTML5 charts using the canvas element.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/Chart.js/1.0.1-beta.4/Chart.min.js

Path to vulnerable library: /python/XSS-url/static/js/chart.min.js,/python/SQLI-like/static/js/chart.min.js,/python/CSP/static/js/chart.min.js,/python/NoSQL/static/js/chart.min.js,/python/CSRF-SameSite/static/js/chart.min.js,/python/CMD/static/js/chart.min.js,/java/jwt-null/src/main/resources/static/js/chart.min.js,/python/CMD2/static/js/chart.min.js,/java/url-redirection-harder2/src/main/resources/static/js/chart.min.js,/python/XSS-DOM/static/js/chart.min.js,/python/graphql-injections/static/js/chart.min.js,/python/Content-type/static/js/chart.min.js,/java/auth-bypass2/src/main/resources/static/js/chart.min.js,/python/JWT-secret/static/js/chart.min.js,/python/http-response-splitting/static/js/chart.min.js,/python/graphql-IDOR/static/js/chart.min.js,/python/Url-redirection/static/js/chart.min.js,/java/ldap-injection/src/main/resources/static/js/chart.min.js,/python/RTLO/static/js/chart.min.js,/python/DES-Pickle/static/js/chart.min.js,/python/DoS-regex/static/js/chart.min.js,/python/DES-Pickle-2/static/js/chart.min.js,/java/cssi/src/main/resources/static/js/chart.min.js,/python/JWT-null/static/js/chart.min.js,/python/user-registration-process/static/js/chart.min.js,/python/Url-redirection-harder/static/js/chart.min.js,/python/client-side-restriction-bypass-2/static/js/chart.min.js,/java/xss/src/main/resources/static/js/chart.min.js,/java/racecondition/src/main/resources/static/js/chart.min.js,/java/content-type/src/main/resources/static/js/chart.min.js,/python/DNS-rebinding/static/js/chart.min.js,/java/csrf-weak/src/main/resources/static/js/chart.min.js,/java/info-leakage-comments/src/main/resources/static/js/chart.min.js,/python/DES-Yaml/static/js/chart.min.js,/python/RFI/static/js/chart.min.js,/python/Web-cache-poisoning/static/js/chart.min.js,/java/lfi3/src/main/resources/static/js/chart.min.js,/python/SQLI-blind/static/js/chart.min.js,/java/graphql-injections/src/main/resources/static/js/chart.min.js,/python/IDOR/static/js/chart.min.js,/python/info-leakeage-metadata/static/js/chart.min.js,/python/CSRF-weak/static/js/chart.min.js,/lab-template/static/js/chart.min.js,/python/ratelimiting/static/js/chart.min.js,/java/lfi2/src/main/resources/static/js/chart.min.js,/python/LFI-3/static/js/chart.min.js,/python/graphql-info-introspection/static/js/chart.min.js,/python/SQLI-login-bypass/static/js/chart.min.js,/python/Formula-injection/static/js/chart.min.js,/java/credentials-guessing2/src/main/resources/static/js/chart.min.js,/c/32_bufferOverflow/static/js/chart.min.js,/python/session-hijacking-xss/static/js/chart.min.js,/python/Auth-bypass/static/js/chart.min.js,/java/sqli-like/src/main/resources/static/js/chart.min.js,/java/rtlo/src/main/resources/static/js/chart.min.js,/java/ssrf/src/main/resources/static/js/chart.min.js,/java/xss-dom2/src/main/resources/static/js/chart.min.js,/python/SessionPuzzle/static/js/chart.min.js,/python/RaceCondition-file-write/static/js/chart.min.js,/java/formula-injection/src/main/resources/static/js/chart.min.js,/java/cmd2/src/main/resources/static/js/chart.min.js,/python/SSRF/static/js/chart.min.js,/python/Host-Header-Authentication-Bypass/static/js/chart.min.js,/python/credentials-guessing-1/static/js/chart.min.js,/python/Session-Management-1/static/js/chart.min.js,/python/CMD4/static/js/chart.min.js,/python/XSS/static/js/chart.min.js,/java/ratelimiting/src/main/resources/static/js/chart.min.js,/java/ssti/src/main/resources/static/js/chart.min.js,/java/ldap-injection-harder/src/main/resources/static/js/chart.min.js,/java/graphql-info-introspection/src/main/resources/static/js/chart.min.js,/python/TLS-downgrade/static/js/chart.min.js,/java/cmd-blind/src/main/resources/static/js/chart.min.js,/java/sqli-blind/src/main/resources/static/js/chart.min.js,/python/CMD-Blind/static/js/chart.min.js,/python/Auth-bypass-3/static/js/chart.min.js,/python/CSSI/static/js/chart.min.js,/java/rfi/src/main/resources/static/js/chart.min.js,/java/cmd/src/main/resources/static/js/chart.min.js,/python/SQLI/static/js/chart.min.js,/nodeJs/Graphql-DOS/static/js/chart.min.js,/java/session-hijacking-xss/src/main/resources/static/js/chart.min.js,/java/xxe/src/main/resources/static/js/chart.min.js,/java/http-response-splitting/src/main/resources/static/js/chart.min.js,/java/dos-regex/src/main/resources/static/js/chart.min.js,/java/sessionpuzzle/src/main/resources/static/js/chart.min.js,/python/client-side-restriction-bypass/static/js/chart.min.js,/java/csp/src/main/resources/static/js/chart.min.js,/java/xss-stored/src/main/resources/static/js/chart.min.js,/python/CMD3/static/js/chart.min.js,/java/des-java/src/main/resources/static/js/chart.min.js,/java/credentials-guessing1/src/main/resources/static/js/chart.min.js,/java/untrusted-sources/src/main/resources/static/js/chart.min.js,/python/account-provisioning-process/static/js/chart.min.js,/java/jwt-secret/src/main/resources/static/js/chart.min.js,/python/CORS/static/js/chart.min.js,/java/parameter-binding/src/main/resources/static/js/chart.min.js,/python/Attack-Server/static/js/chart.min.js,/java/lfi/src/main/resources/static/js/chart.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/chart.min.js,/python/SSTI/static/js/chart.min.js,/java/idor/src/main/resources/static/js/chart.min.js,/python/Untrusted-sources-js/static/js/chart.min.js,/python/X-allow-origin/static/js/chart.min.js,/python/info-leakeage-comments/static/js/chart.min.js,/java/file-upload/src/main/resources/static/js/chart.min.js,/java/cmd4/src/main/resources/static/js/chart.min.js,/python/XXE/static/js/chart.min.js,/python/XSS-DOM-2/static/js/chart.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/chart.min.js,/java/graphql-mutation/src/main/resources/static/js/chart.min.js,/python/Auth-bypass-1/static/js/chart.min.js,/python/XSS-attribute/static/js/chart.min.js,/python/Unreferenced-files/static/js/chart.min.js,/python/Auth-bypass-simple/static/js/chart.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/chart.min.js,/python/RaceCondition/static/js/chart.min.js,/java/sqli/src/main/resources/static/js/chart.min.js,/python/HTML-injection/static/js/chart.min.js,/java/auth-bypass-simple/src/main/resources/static/js/chart.min.js,/python/Ldap-injection-harder/static/js/chart.min.js,/python/File-upload/static/js/chart.min.js,/java/url-redirection-harder/src/main/resources/static/js/chart.min.js,/python/Url-redirection-harder2/static/js/chart.min.js,/java/ssti/src/main/resources/static/old/js/chart.min.js,/java/info-leakage-metadata/src/main/resources/static/js/chart.min.js,/java/csti/src/main/resources/static/js/chart.min.js,/python/Auth-bypass-2/static/js/chart.min.js,/java/csrf-samesite/src/main/resources/static/js/chart.min.js,/java/csrf/src/main/resources/static/js/chart.min.js,/java/auth-bypass1/src/main/resources/static/js/chart.min.js,/python/CSRF/static/js/chart.min.js,/python/Threat-modeling/static/js/chart.min.js,/nodeJs/Graphql-IDOR/static/js/chart.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/chart.min.js,/python/LFI/static/js/chart.min.js,/java/cmd3/src/main/resources/static/js/chart.min.js,/python/graphql-mutation/static/js/chart.min.js,/python/WebSocket-Message-Manipulation/static/js/chart.min.js,/java/xss-dom/src/main/resources/static/js/chart.min.js,/java/cors/src/main/resources/static/js/chart.min.js,/python/Session-Management-2/static/js/chart.min.js,/python/credentials-guessing-2/static/js/chart.min.js,/python/graphql-dos-resource-exhaustion/static/js/chart.min.js,/python/weak-or-unenforced-username-policy/static/js/chart.min.js,/java/xss-url/src/main/resources/static/js/chart.min.js,/java/auth-bypass3/src/main/resources/static/js/chart.min.js,/python/Ldap-injection/static/js/chart.min.js,/java/des-yaml/src/main/resources/static/js/chart.min.js,/java/url-redirection/src/main/resources/static/js/chart.min.js,/python/CSTI/static/js/chart.min.js,/java/racecondition-file-write/src/main/resources/static/js/chart.min.js,/python/weak-lock-out-mechanism/static/js/chart.min.js,/python/LFI-2/static/js/chart.min.js,/java/graphql-idor/src/main/resources/static/js/chart.min.js

Dependency Hierarchy:

  • Chart-1.0.1-beta.4.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the default options) are deeply merged with the provided options. However, during this operation, the keys of the object being set are not checked, leading to prototype pollution.

Publish Date: 2020-10-29

URL: CVE-2020-7746

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7746

Release Date: 2020-10-29

Fix Resolution: chart.js - 2.9.4

requests-2.28.1-py3-none-any.whl: 2 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - requests-2.28.1-py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/ca/91/6d9b8ccacd0412c08820f72cebaa4f0c0441b5cda699c90f618b6f8a1b42/requests-2.28.1-py3-none-any.whl

Path to dependency file: /python/Session-Management-2/requirements.txt

Path to vulnerable library: /python/Session-Management-2/requirements.txt,/python/Host-Header-Authentication-Bypass/requirements.txt,/python/HTTP-desync-CLTE-frontend-server/requirements.txt,/python/Attack-Server/requirements.txt,/python/Web-cache-poisoning/requirements.txt,/python/Session-Management-1/requirements.txt,/python/SQLI-login-bypass/requirements.txt,/python/HTTP-desync-CLTE-backend-server/requirements.txt,/python/WebSocket-Message-Manipulation/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (requests version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-32681 | Medium | 6.1 | requests-2.28.1-py3-none-any.whl | Direct | 2.32.0 | |
| CVE-2024-35195 | Medium | 5.6 | requests-2.28.1-py3-none-any.whl | Direct | 2.32.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-32681

Vulnerable Library - requests-2.28.1-py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/ca/91/6d9b8ccacd0412c08820f72cebaa4f0c0441b5cda699c90f618b6f8a1b42/requests-2.28.1-py3-none-any.whl

Path to dependency file: /python/Session-Management-2/requirements.txt

Path to vulnerable library: /python/Session-Management-2/requirements.txt,/python/Host-Header-Authentication-Bypass/requirements.txt,/python/HTTP-desync-CLTE-frontend-server/requirements.txt,/python/Attack-Server/requirements.txt,/python/Web-cache-poisoning/requirements.txt,/python/Session-Management-1/requirements.txt,/python/SQLI-login-bypass/requirements.txt,/python/HTTP-desync-CLTE-backend-server/requirements.txt,/python/WebSocket-Message-Manipulation/requirements.txt

Dependency Hierarchy:

  • requests-2.28.1-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the Proxy-Authorization header must be sent in the CONNECT request, as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

Publish Date: 2023-05-26

URL: CVE-2023-32681

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j8r2-6x86-q33q

Release Date: 2023-05-26

Fix Resolution: 2.32.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-35195

Vulnerable Library - requests-2.28.1-py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/ca/91/6d9b8ccacd0412c08820f72cebaa4f0c0441b5cda699c90f618b6f8a1b42/requests-2.28.1-py3-none-any.whl

Path to dependency file: /python/Session-Management-2/requirements.txt

Path to vulnerable library: /python/Session-Management-2/requirements.txt,/python/Host-Header-Authentication-Bypass/requirements.txt,/python/HTTP-desync-CLTE-frontend-server/requirements.txt,/python/Attack-Server/requirements.txt,/python/Web-cache-poisoning/requirements.txt,/python/Session-Management-1/requirements.txt,/python/SQLI-login-bypass/requirements.txt,/python/HTTP-desync-CLTE-backend-server/requirements.txt,/python/WebSocket-Message-Manipulation/requirements.txt

Dependency Hierarchy:

  • requests-2.28.1-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Publish Date: 2024-05-20

URL: CVE-2024-35195

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-9wx4-h78v-vm56

Release Date: 2024-05-20

Fix Resolution: 2.32.0

⛑️ Automatic Remediation will be attempted for this issue.

sqlite-jdbc-3.36.0.1.jar: 1 vulnerabilities (highest severity is: 8.8)

Vulnerable Library - sqlite-jdbc-3.36.0.1.jar

SQLite JDBC library

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (sqlite-jdbc version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-32697 | High | 8.8 | sqlite-jdbc-3.36.0.1.jar | Direct | 3.41.2.2 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-32697

Vulnerable Library - sqlite-jdbc-3.36.0.1.jar

SQLite JDBC library

Dependency Hierarchy:

  • sqlite-jdbc-3.36.0.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

Publish Date: 2023-05-23

URL: CVE-2023-32697

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-6phf-6h5g-97j2

Release Date: 2023-05-23

Fix Resolution: 3.41.2.2

Flask_Cors-3.0.7-py2.py3-none-any.whl: 3 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - Flask_Cors-3.0.7-py2.py3-none-any.whl

A Flask extension adding a decorator for CORS support

Library home page: https://files.pythonhosted.org/packages/65/cb/683f71ff8daa3aea0a5cbb276074de39f9ab66d3fbb8ad5efb5bb83e90d2/Flask_Cors-3.0.7-py2.py3-none-any.whl

Path to dependency file: /python/credentials-guessing-1/requirements.txt

Path to vulnerable library: /python/credentials-guessing-1/requirements.txt,/python/LFI-3/requirements.txt,/python/Url-redirection/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/SSRF/requirements.txt,/python/DES-Yaml/requirements.txt,/python/CMD2/requirements.txt,/python/CMD4/requirements.txt,/python/CMD/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/IDOR/requirements.txt,/python/CSTI/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/X-allow-origin/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/SSTI/requirements.txt,/python/RFI/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/ratelimiting/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/JWT-secret/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Auth-bypass/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/Ldap-injection/requirements.txt,/python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CSRF-weak/requirements.txt,/python/NoSQL/requirements.txt,/python/XSS-attribute/requirements.txt,/python/DoS-regex/requirements.txt,/python/http-response-splitting/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/File-upload/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CORS/requirements.txt,/python/Content-type/requirements.txt,/python/CMD3/requirements.txt,/python/DES-Pickle/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/Formula-injection/requirements.txt,/python/CSP/requirements.txt,/python/JWT-null/requirements.txt,/python/CSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/XSS/requirements.txt,/python/user-registration-process/requirements.txt,/python/LFI/requirements.txt,/python/HTML-injection/requirements.txt,/python/SQLI-like/requirements.txt,/python/LFI-2/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/XXE/requirements.txt,/python/info-leakeage-comments/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Flask_Cors version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-6221 | High | 7.5 | Flask_Cors-3.0.7-py2.py3-none-any.whl | Direct | N/A | |
| CVE-2020-25032 | High | 7.5 | Flask_Cors-3.0.7-py2.py3-none-any.whl | Direct | 3.0.9 | |
| CVE-2024-1681 | Medium | 5.3 | Flask_Cors-3.0.7-py2.py3-none-any.whl | Direct | flask-cors - 4.0.1 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-6221

Vulnerable Library - Flask_Cors-3.0.7-py2.py3-none-any.whl

A Flask extension adding a decorator for CORS support

Library home page: https://files.pythonhosted.org/packages/65/cb/683f71ff8daa3aea0a5cbb276074de39f9ab66d3fbb8ad5efb5bb83e90d2/Flask_Cors-3.0.7-py2.py3-none-any.whl

Path to dependency file: /python/credentials-guessing-1/requirements.txt

Path to vulnerable library: /python/credentials-guessing-1/requirements.txt,/python/LFI-3/requirements.txt,/python/Url-redirection/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/SSRF/requirements.txt,/python/DES-Yaml/requirements.txt,/python/CMD2/requirements.txt,/python/CMD4/requirements.txt,/python/CMD/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/IDOR/requirements.txt,/python/CSTI/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/X-allow-origin/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/SSTI/requirements.txt,/python/RFI/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/ratelimiting/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/JWT-secret/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Auth-bypass/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/Ldap-injection/requirements.txt,/python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CSRF-weak/requirements.txt,/python/NoSQL/requirements.txt,/python/XSS-attribute/requirements.txt,/python/DoS-regex/requirements.txt,/python/http-response-splitting/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/File-upload/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CORS/requirements.txt,/python/Content-type/requirements.txt,/python/CMD3/requirements.txt,/python/DES-Pickle/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/Formula-injection/requirements.txt,/python/CSP/requirements.txt,/python/JWT-null/requirements.txt,/python/CSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/XSS/requirements.txt,/python/user-registration-process/requirements.txt,/python/LFI/requirements.txt,/python/HTML-injection/requirements.txt,/python/SQLI-like/requirements.txt,/python/LFI-2/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/XXE/requirements.txt,/python/info-leakeage-comments/requirements.txt

Dependency Hierarchy:

  • Flask_Cors-3.0.7-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Publish Date: 2024-08-18

URL: CVE-2024-6221

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

CVE-2020-25032

Vulnerable Library - Flask_Cors-3.0.7-py2.py3-none-any.whl

A Flask extension adding a decorator for CORS support

Library home page: https://files.pythonhosted.org/packages/65/cb/683f71ff8daa3aea0a5cbb276074de39f9ab66d3fbb8ad5efb5bb83e90d2/Flask_Cors-3.0.7-py2.py3-none-any.whl

Path to dependency file: /python/credentials-guessing-1/requirements.txt

Path to vulnerable library: /python/credentials-guessing-1/requirements.txt,/python/LFI-3/requirements.txt,/python/Url-redirection/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/SSRF/requirements.txt,/python/DES-Yaml/requirements.txt,/python/CMD2/requirements.txt,/python/CMD4/requirements.txt,/python/CMD/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/IDOR/requirements.txt,/python/CSTI/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/X-allow-origin/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/SSTI/requirements.txt,/python/RFI/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/ratelimiting/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/JWT-secret/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Auth-bypass/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/Ldap-injection/requirements.txt,/python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CSRF-weak/requirements.txt,/python/NoSQL/requirements.txt,/python/XSS-attribute/requirements.txt,/python/DoS-regex/requirements.txt,/python/http-response-splitting/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/File-upload/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CORS/requirements.txt,/python/Content-type/requirements.txt,/python/CMD3/requirements.txt,/python/DES-Pickle/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/Formula-injection/requirements.txt,/python/CSP/requirements.txt,/python/JWT-null/requirements.txt,/python/CSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/XSS/requirements.txt,/python/user-registration-process/requirements.txt,/python/LFI/requirements.txt,/python/HTML-injection/requirements.txt,/python/SQLI-like/requirements.txt,/python/LFI-2/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/XXE/requirements.txt,/python/info-leakeage-comments/requirements.txt

Dependency Hierarchy:

  • Flask_Cors-3.0.7-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Publish Date: 2020-08-31

URL: CVE-2020-25032

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2020-08-31

Fix Resolution: 3.0.9

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-1681

Vulnerable Library - Flask_Cors-3.0.7-py2.py3-none-any.whl

A Flask extension adding a decorator for CORS support

Library home page: https://files.pythonhosted.org/packages/65/cb/683f71ff8daa3aea0a5cbb276074de39f9ab66d3fbb8ad5efb5bb83e90d2/Flask_Cors-3.0.7-py2.py3-none-any.whl

Path to dependency file: /python/credentials-guessing-1/requirements.txt

Path to vulnerable library: /python/credentials-guessing-1/requirements.txt,/python/LFI-3/requirements.txt,/python/Url-redirection/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/SSRF/requirements.txt,/python/DES-Yaml/requirements.txt,/python/CMD2/requirements.txt,/python/CMD4/requirements.txt,/python/CMD/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/IDOR/requirements.txt,/python/CSTI/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/X-allow-origin/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/SSTI/requirements.txt,/python/RFI/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/ratelimiting/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/JWT-secret/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Auth-bypass/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/Ldap-injection/requirements.txt,/python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CSRF-weak/requirements.txt,/python/NoSQL/requirements.txt,/python/XSS-attribute/requirements.txt,/python/DoS-regex/requirements.txt,/python/http-response-splitting/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/File-upload/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CORS/requirements.txt,/python/Content-type/requirements.txt,/python/CMD3/requirements.txt,/python/DES-Pickle/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/Formula-injection/requirements.txt,/python/CSP/requirements.txt,/python/JWT-null/requirements.txt,/python/CSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/XSS/requirements.txt,/python/user-registration-process/requirements.txt,/python/LFI/requirements.txt,/python/HTML-injection/requirements.txt,/python/SQLI-like/requirements.txt,/python/LFI-2/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/XXE/requirements.txt,/python/info-leakeage-comments/requirements.txt

Dependency Hierarchy:

  • Flask_Cors-3.0.7-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.

Publish Date: 2024-04-19

URL: CVE-2024-1681

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-84pr-m4jr-85g5

Release Date: 2024-04-19

Fix Resolution: flask-cors - 4.0.1

⛑️ Automatic Remediation will be attempted for this issue.


ejs-3.1.6.tgz: 2 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - ejs-3.1.6.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz

Path to dependency file: /nodeJs/XSS-DOM/package.json

Path to vulnerable library: /nodeJs/XSS-DOM/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/IDOR/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/LFI-3/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/LFI-2/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/XXE/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/CSP/package.json,/nodeJs/SQLI/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/SSRF/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/XSS-url/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/File-upload/package.json,/nodeJs/RFI/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/LFI/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CMD4/package.json,/nodeJs/CSSI/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/RTLO/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/CMD2/package.json,/nodeJs/CMD/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/CMD3/package.json,/nodeJs/Graphql-Injection/package.json,/nodeJs/XSS/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/CORS/package.json,/nodeJs/Content-type/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency     Type    Fixed in (ejs version)  Remediation Possible**
CVE-2022-29078  Critical  9.8   ejs-3.1.6.tgz  Direct  3.1.7
CVE-2024-33883  High      8.8   ejs-3.1.6.tgz  Direct  ejs - 3.1.10

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-29078

Vulnerable Library - ejs-3.1.6.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz

Path to dependency file: /nodeJs/XSS-DOM/package.json

Path to vulnerable library: /nodeJs/XSS-DOM/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/IDOR/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/LFI-3/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/LFI-2/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/XXE/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/CSP/package.json,/nodeJs/SQLI/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/SSRF/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/XSS-url/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/File-upload/package.json,/nodeJs/RFI/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/LFI/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CMD4/package.json,/nodeJs/CSSI/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/RTLO/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/CMD2/package.json,/nodeJs/CMD/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/CMD3/package.json,/nodeJs/Graphql-Injection/package.json,/nodeJs/XSS/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/CORS/package.json,/nodeJs/Content-type/package.json

Dependency Hierarchy:

  • ejs-3.1.6.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

Publish Date: 2022-04-25

URL: CVE-2022-29078

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29078~

Release Date: 2022-04-25

Fix Resolution: 3.1.7

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-33883

Vulnerable Library - ejs-3.1.6.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz

Path to dependency file: /nodeJs/XSS-DOM/package.json

Path to vulnerable library: /nodeJs/XSS-DOM/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/IDOR/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/LFI-3/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/LFI-2/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/XXE/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/CSP/package.json,/nodeJs/SQLI/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/SSRF/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/XSS-url/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/File-upload/package.json,/nodeJs/RFI/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/LFI/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CMD4/package.json,/nodeJs/CSSI/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/RTLO/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/CMD2/package.json,/nodeJs/CMD/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/CMD3/package.json,/nodeJs/Graphql-Injection/package.json,/nodeJs/XSS/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/CORS/package.json,/nodeJs/Content-type/package.json

Dependency Hierarchy:

  • ejs-3.1.6.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

Publish Date: 2024-04-28

URL: CVE-2024-33883

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-33883

Release Date: 2024-04-28

Fix Resolution: ejs - 3.1.10

⛑️ Automatic Remediation will be attempted for this issue.


bootstrap-sass-2.3.2.2.gem: 3 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-sass-2.3.2.2.gem

Library home page: https://rubygems.org/gems/bootstrap-sass-2.3.2.2.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/bootstrap-sass-2.3.2.2.gem

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                  Type    Fixed in (bootstrap-sass version)                             Remediation Possible**
CVE-2019-8331   Medium    6.1   bootstrap-sass-2.3.2.2.gem  Direct  bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
CVE-2018-14042  Medium    6.1   bootstrap-sass-2.3.2.2.gem  Direct  bootstrap - 3.4.0,4.1.2
CVE-2018-14040  Low       3.7   bootstrap-sass-2.3.2.2.gem  Direct  org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-8331

Vulnerable Library - bootstrap-sass-2.3.2.2.gem

Library home page: https://rubygems.org/gems/bootstrap-sass-2.3.2.2.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/bootstrap-sass-2.3.2.2.gem

Dependency Hierarchy:

  • bootstrap-sass-2.3.2.2.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-14042

Vulnerable Library - bootstrap-sass-2.3.2.2.gem

Library home page: https://rubygems.org/gems/bootstrap-sass-2.3.2.2.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/bootstrap-sass-2.3.2.2.gem

Dependency Hierarchy:

  • bootstrap-sass-2.3.2.2.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: bootstrap - 3.4.0,4.1.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-14040

Vulnerable Library - bootstrap-sass-2.3.2.2.gem

Library home page: https://rubygems.org/gems/bootstrap-sass-2.3.2.2.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/bootstrap-sass-2.3.2.2.gem

Dependency Hierarchy:

  • bootstrap-sass-2.3.2.2.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0

⛑️ Automatic Remediation will be attempted for this issue.


requests-2.19.1-py2.py3-none-any.whl: 12 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - requests-2.19.1-py2.py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl

Path to dependency file: /python/RTLO/requirements.txt

Path to vulnerable library: /python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/LFI/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/JWT-secret/requirements.txt,/python/Threat-modeling/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DES-Pickle/requirements.txt,/python/CMD3/requirements.txt,/python/Content-type/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection/requirements.txt,/python/XSS-url/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/CSRF-weak/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/DES-Yaml/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/RFI/requirements.txt,/python/File-upload/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/Url-redirection/requirements.txt,/python/IDOR/requirements.txt,/python/X-allow-origin/requirements.txt,/python/NoSQL/requirements.txt,/python/DoS-regex/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Auth-bypass/requirements.txt,/python/SSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSTI/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/CMD4/requirements.txt,/python/JWT-null/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/CMD2/requirements.txt,/python/CMD/requirements.txt,/python/Formula-injection/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/user-registration-process/requirements.txt,/python/XSS/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/LFI-3/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/SQLI-like/requirements.txt,/python/HTML-injection/requirements.txt,/python/CSP/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/XXE/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                            Type        Fixed in (requests version)  Remediation Possible**
CVE-2024-3651   High      7.5   idna-2.7-py2.py3-none-any.whl         Transitive  N/A*
CVE-2021-33503  High      7.5   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.25.0
CVE-2019-11324  High      7.5   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.20.0
CVE-2018-18074  High      7.5   requests-2.19.1-py2.py3-none-any.whl  Direct      2.20.0
CVE-2020-26137  Medium    6.5   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.22.0
CVE-2023-32681  Medium    6.1   requests-2.19.1-py2.py3-none-any.whl  Direct      2.32.0
CVE-2019-9740   Medium    6.1   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.20.0
CVE-2019-11236  Medium    6.1   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.20.0
CVE-2023-43804  Medium    5.9   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.25.0
CVE-2024-35195  Medium    5.6   requests-2.19.1-py2.py3-none-any.whl  Direct      2.32.0
CVE-2024-37891  Medium    4.4   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.25.0
CVE-2023-45803  Medium    4.2   urllib3-1.23-py2.py3-none-any.whl     Transitive  2.25.0

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (10 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2024-3651

Vulnerable Library - idna-2.7-py2.py3-none-any.whl

Internationalized Domain Names in Applications (IDNA)

Library home page: https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl

Path to dependency file: /python/Unreferenced-files/requirements.txt

Path to vulnerable library: /python/Unreferenced-files/requirements.txt,/python/Threat-modeling/requirements.txt,/python/X-allow-origin/requirements.txt,/python/http-response-splitting/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/File-upload/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/JWT-secret/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/CMD2/requirements.txt,/python/Formula-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/LFI-3/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/CMD3/requirements.txt,/python/SQLI-like/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/CSRF-weak/requirements.txt,/python/DES-Yaml/requirements.txt,/python/SQLI/requirements.txt,/python/Url-redirection/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CSTI/requirements.txt,/python/CSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/XXE/requirements.txt,/python/CSSI/requirements.txt,/python/RTLO/requirements.txt,/python/Content-type/requirements.txt,/python/LFI/requirements.txt,/python/RaceCondition/requirements.txt,/python/DES-Pickle/requirements.txt,/python/CORS/requirements.txt,/python/XSS-url/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DoS-regex/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SSTI/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/CMD4/requirements.txt,/python/XSS/requirements.txt,/python/XSS-DOM/requirements.txt,/python/CSP/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/LFI-2/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RFI/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD/requirements.txt,/python/SSRF/requirements.txt,/python/IDOR/requirements.txt,/python/ratelimiting/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • idna-2.7-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode() function. The CVE text names version 3.6 (the last unfixed release), but the advisory's affected range is every release before 3.7, which includes the idna 2.7 pulled in here by requests 2.19.1. The issue arises from the function's handling of crafted input strings, which leads to quadratic complexity and consequently a denial of service condition: a crafted input makes idna.encode() do an amount of work that grows quadratically with the input size, so a modest string passed to any code path that encodes a hostname (URL parsing in requests/urllib3, for instance) ties up the process.

Publish Date: 2024-07-07

URL: CVE-2024-3651

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-3651

Release Date: 2024-07-07

Fix Resolution: idna - 3.7
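A pin check against the fix resolutions in this report, added here as an example (it is not part of the SKF labs, nor output of the scanner). It parses a requirements.txt, compares each `name==version` pin against the first fixed version of every advisory on this page, and computes the lowest pin per package that clears all of them. The requirements text embedded below is constructed to mirror the pins the scanner flagged (requests 2.19.1 with urllib3 1.23 and idna 2.7); the version comparison handles only dotted integers, which is enough for the releases involved.

```python
"""Pin check against the fix resolutions listed in this report (added example)."""
import re

# CVE -> (package, first fixed version), as given in each entry's
# Suggested Fix / Vulnerability Details on this page.
FIXES = {
    "CVE-2024-3651": ("idna", "3.7"),
    "CVE-2021-33503": ("urllib3", "1.26.5"),
    "CVE-2019-11324": ("urllib3", "1.24.2"),
    "CVE-2020-26137": ("urllib3", "1.25.9"),
    "CVE-2019-9740": ("urllib3", "1.24.3"),
    "CVE-2019-11236": ("urllib3", "1.24.3"),
    "CVE-2018-18074": ("requests", "2.20.0"),
    "CVE-2023-32681": ("requests", "2.31.0"),
}

# Only exact pins are considered; ranges and VCS URLs are ignored.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)")


def parse_version(v):
    """Dotted-integer version to a comparable tuple (no pre-release handling)."""
    return tuple(int(x) for x in v.strip(".").split("."))


def parse_pins(text):
    """Return {normalized_name: version} for every `name==version` line."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = _PIN_RE.match(line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def exposed(pins):
    """{package: [(cve, pinned, fixed), ...]} for every pin below a fix."""
    out = {}
    for cve, (pkg, fixed) in FIXES.items():
        pinned = pins.get(pkg)
        if pinned is not None and parse_version(pinned) < parse_version(fixed):
            out.setdefault(pkg, []).append((cve, pinned, fixed))
    return out


def required_floor(pins):
    """Smallest version per package that clears every listed CVE for it."""
    return {
        pkg: max((fixed for _, _, fixed in findings), key=parse_version)
        for pkg, findings in exposed(pins).items()
    }


# Constructed sample; mirrors the pins the scanner reported for the labs.
SAMPLE_REQUIREMENTS = """\
flask==1.0.2
requests==2.19.1   # pulls in urllib3 1.23 and idna 2.7
urllib3==1.23
idna==2.7
"""

if __name__ == "__main__":
    pins = parse_pins(SAMPLE_REQUIREMENTS)
    for pkg, findings in sorted(exposed(pins).items()):
        for cve, pinned, fixed in findings:
            print(f"{pkg}=={pinned} is below {fixed} ({cve})")
    print("minimum pins:", required_floor(pins))
```

Two caveats when acting on the result. A bump of the root library alone does not guarantee the transitive fixes: requests 2.19.1 declares idna>=2.5,<2.8, so idna 3.7 cannot be installed next to it and requests has to move first; conversely a newer requests only allows a fixed idna, it does not force one, so pin idna>=3.7 explicitly. For anything beyond the eight advisories on this page, run a tool that consults the full advisory database (pip-audit, for instance) rather than a hand-maintained table like FIXES.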

CVE-2021-33503

Vulnerable Library - urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: /python/LFI-3/requirements.txt

Path to vulnerable library: /python/LFI-3/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/Formula-injection/requirements.txt,/python/X-allow-origin/requirements.txt,/python/JWT-secret/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/CMD3/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/SSRF/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/RFI/requirements.txt,/python/IDOR/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/File-upload/requirements.txt,/python/SSTI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Content-type/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD4/requirements.txt,/python/DoS-regex/requirements.txt,/python/CSRF-weak/requirements.txt,/python/SQLI/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/LFI-2/requirements.txt,/python/LFI/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CSP/requirements.txt,/python/SQLI-like/requirements.txt,/python/XSS-DOM/requirements.txt,/python/XSS/requirements.txt,/python/Url-redirection/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CMD2/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/CSTI/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DES-Yaml/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/RTLO/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/XXE/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CSSI/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Publish Date: 2021-06-29

URL: CVE-2021-33503

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-q2q7-5pp4-w6pg

Release Date: 2021-06-29

Fix Resolution (urllib3): 1.26.5

Direct dependency fix Resolution (requests): 2.25.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-11324

Vulnerable Library - urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: /python/LFI-3/requirements.txt

Path to vulnerable library: /python/LFI-3/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/Formula-injection/requirements.txt,/python/X-allow-origin/requirements.txt,/python/JWT-secret/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/CMD3/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/SSRF/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/RFI/requirements.txt,/python/IDOR/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/File-upload/requirements.txt,/python/SSTI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Content-type/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD4/requirements.txt,/python/DoS-regex/requirements.txt,/python/CSRF-weak/requirements.txt,/python/SQLI/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/LFI-2/requirements.txt,/python/LFI/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CSP/requirements.txt,/python/SQLI-like/requirements.txt,/python/XSS-DOM/requirements.txt,/python/XSS/requirements.txt,/python/Url-redirection/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CMD2/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/CSTI/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DES-Yaml/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/RTLO/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/XXE/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CSSI/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

Publish Date: 2019-04-18

URL: CVE-2019-11324

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324

Release Date: 2019-04-18

Fix Resolution (urllib3): 1.24.2

Direct dependency fix Resolution (requests): 2.20.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-18074

Vulnerable Library - requests-2.19.1-py2.py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl

Path to dependency file: /python/RTLO/requirements.txt

Path to vulnerable library: /python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/LFI/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/JWT-secret/requirements.txt,/python/Threat-modeling/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DES-Pickle/requirements.txt,/python/CMD3/requirements.txt,/python/Content-type/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection/requirements.txt,/python/XSS-url/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/CSRF-weak/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/DES-Yaml/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/RFI/requirements.txt,/python/File-upload/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/Url-redirection/requirements.txt,/python/IDOR/requirements.txt,/python/X-allow-origin/requirements.txt,/python/NoSQL/requirements.txt,/python/DoS-regex/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Auth-bypass/requirements.txt,/python/SSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSTI/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/CMD4/requirements.txt,/python/JWT-null/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/CMD2/requirements.txt,/python/CMD/requirements.txt,/python/Formula-injection/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/user-registration-process/requirements.txt,/python/XSS/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/LFI-3/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/SQLI-like/requirements.txt,/python/HTML-injection/requirements.txt,/python/CSP/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/XXE/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Publish Date: 2018-10-09

URL: CVE-2018-18074

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Release Date: 2018-10-09

Fix Resolution: 2.20.0

⛑️ Automatic Remediation will be attempted for this issue.
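The same-host https-to-http downgrade described above, as an added example (this is not code from the requests project): a minimal reimplementation of the decision a client has to make before it forwards an Authorization header across a redirect. The pre-2.20.0 behaviour only compares hostnames, so a redirect from https to http on the same host carries the credential onto a cleartext connection; the hardened policy also drops the header on any scheme or effective-port change, with the single benign exception of an http-to-https upgrade on the default ports. Hostnames and header values are constructed for the demo.

```python
"""Authorization stripping on redirect (CVE-2018-18074), added example."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _endpoint(url):
    """(scheme, hostname, effective port) for a URL; default port filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, p.hostname, p.port or DEFAULT_PORTS.get(scheme)


def strip_auth_vulnerable(old_url, new_url):
    """Pre-fix policy: only a hostname change drops the credential.

    A same-host https -> http redirect therefore keeps it and sends it
    in cleartext, which is exactly the flaw described in the advisory."""
    return _endpoint(old_url)[1] != _endpoint(new_url)[1]


def strip_auth_hardened(old_url, new_url):
    """Fixed policy: drop the credential when host, scheme or port changes,
    except for the harmless http -> https upgrade on the default ports."""
    old_scheme, old_host, old_port = _endpoint(old_url)
    new_scheme, new_host, new_port = _endpoint(new_url)
    if old_host != new_host:
        return True
    if (old_scheme == "http" and old_port == 80
            and new_scheme == "https" and new_port == 443):
        return False                      # moving onto TLS exposes nothing
    return old_scheme != new_scheme or old_port != new_port


def follow_redirect(headers, old_url, new_url, policy):
    """Headers that would be sent to new_url under the given policy."""
    out = dict(headers)
    if policy(old_url, new_url):
        out.pop("Authorization", None)
    return out


if __name__ == "__main__":
    # Constructed request: Basic credentials for a made-up host.
    hdrs = {"Authorization": "Basic dXNlcjpzZWNyZXQ=", "User-Agent": "demo/1.0"}
    old = "https://api.example.test/login"
    new = "http://api.example.test/login"    # same host, TLS dropped
    for name, policy in (("vulnerable", strip_auth_vulnerable),
                         ("hardened", strip_auth_hardened)):
        sent = follow_redirect(hdrs, old, new, policy)
        state = "kept (leaks over cleartext)" if "Authorization" in sent else "dropped"
        print(f"{name:10s}: Authorization {state}")
```

The port comparison matters as much as the scheme: a redirect from https://host:8443 to https://host is a different listener and may be a different service, so the hardened policy treats it like a host change. Note that this only protects the Authorization header; CVE-2023-32681 further down concerns Proxy-Authorization, which is handled on a separate code path.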

CVE-2020-26137

Vulnerable Library - urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: /python/LFI-3/requirements.txt

Path to vulnerable library: /python/LFI-3/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/Formula-injection/requirements.txt,/python/X-allow-origin/requirements.txt,/python/JWT-secret/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/CMD3/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/SSRF/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/RFI/requirements.txt,/python/IDOR/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/File-upload/requirements.txt,/python/SSTI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Content-type/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD4/requirements.txt,/python/DoS-regex/requirements.txt,/python/CSRF-weak/requirements.txt,/python/SQLI/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/LFI-2/requirements.txt,/python/LFI/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CSP/requirements.txt,/python/SQLI-like/requirements.txt,/python/XSS-DOM/requirements.txt,/python/XSS/requirements.txt,/python/Url-redirection/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CMD2/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/CSTI/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DES-Yaml/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/RTLO/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/XXE/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CSSI/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Publish Date: 2020-09-29

URL: CVE-2020-26137

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137

Release Date: 2020-09-30

Fix Resolution (urllib3): 1.25.9

Direct dependency fix Resolution (requests): 2.22.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-32681

Vulnerable Library - requests-2.19.1-py2.py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl

Path to dependency file: /python/RTLO/requirements.txt

Path to vulnerable library: /python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/LFI/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/JWT-secret/requirements.txt,/python/Threat-modeling/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DES-Pickle/requirements.txt,/python/CMD3/requirements.txt,/python/Content-type/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection/requirements.txt,/python/XSS-url/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/CSRF-weak/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/DES-Yaml/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/RFI/requirements.txt,/python/File-upload/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/Url-redirection/requirements.txt,/python/IDOR/requirements.txt,/python/X-allow-origin/requirements.txt,/python/NoSQL/requirements.txt,/python/DoS-regex/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Auth-bypass/requirements.txt,/python/SSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSTI/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/CMD4/requirements.txt,/python/JWT-null/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/CMD2/requirements.txt,/python/CMD/requirements.txt,/python/Formula-injection/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/user-registration-process/requirements.txt,/python/XSS/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/LFI-3/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/SQLI-like/requirements.txt,/python/HTML-injection/requirements.txt,/python/CSP/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/XXE/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the Proxy-Authorization header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

Publish Date: 2023-05-26

URL: CVE-2023-32681

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j8r2-6x86-q33q

Release Date: 2023-05-26

Fix Resolution: 2.31.0 (the first patched release, as stated in the details above; any later release, 2.32.0 included, also carries the fix)

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-9740

Vulnerable Library - urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: /python/LFI-3/requirements.txt

Path to vulnerable library: /python/LFI-3/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/Formula-injection/requirements.txt,/python/X-allow-origin/requirements.txt,/python/JWT-secret/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/CMD3/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/SSRF/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/RFI/requirements.txt,/python/IDOR/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/File-upload/requirements.txt,/python/SSTI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Content-type/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD4/requirements.txt,/python/DoS-regex/requirements.txt,/python/CSRF-weak/requirements.txt,/python/SQLI/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/LFI-2/requirements.txt,/python/LFI/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CSP/requirements.txt,/python/SQLI-like/requirements.txt,/python/XSS-DOM/requirements.txt,/python/XSS/requirements.txt,/python/Url-redirection/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CMD2/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/CSTI/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DES-Yaml/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/RTLO/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/XXE/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CSSI/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. Although this CVE is filed against CPython's own urllib, urllib3 had the same class of bug in its URL handling and applied the equivalent fix in 1.24.3, which is why the scanner reports it against urllib3 1.23 here; upgrading the interpreter alone does not close it for code that goes through urllib3.

Publish Date: 2019-03-13

URL: CVE-2019-9740

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740

Release Date: 2019-03-13

Fix Resolution (urllib3): 1.24.3

Direct dependency fix Resolution (requests): 2.20.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-11236

Vulnerable Library - urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: /python/LFI-3/requirements.txt

Path to vulnerable library: /python/LFI-3/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/Formula-injection/requirements.txt,/python/X-allow-origin/requirements.txt,/python/JWT-secret/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/CMD3/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/SSRF/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/RFI/requirements.txt,/python/IDOR/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/File-upload/requirements.txt,/python/SSTI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Content-type/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD4/requirements.txt,/python/DoS-regex/requirements.txt,/python/CSRF-weak/requirements.txt,/python/SQLI/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/LFI-2/requirements.txt,/python/LFI/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CSP/requirements.txt,/python/SQLI-like/requirements.txt,/python/XSS-DOM/requirements.txt,/python/XSS/requirements.txt,/python/Url-redirection/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CMD2/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/CSTI/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DES-Yaml/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/RTLO/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/XXE/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CSSI/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Publish Date: 2019-04-15

URL: CVE-2019-11236

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-r64q-w8jr-g9qp

Release Date: 2019-04-15

Fix Resolution (urllib3): 1.24.3

Direct dependency fix Resolution (requests): 2.20.0

⛑️ Automatic Remediation will be attempted for this issue.
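The CRLF injection described in the three urllib3 entries above (CVE-2020-26137 through the request method, CVE-2019-9740 and CVE-2019-11236 through the URL), as one added example that is not urllib3's or CPython's own code. A toy serializer builds the request line the way an unpatched client does and shows how an attacker-controlled method or target containing "\r\n" turns into extra header lines on the wire; the hardened variant applies the kind of check the fixed releases added, an RFC 7230 token test for the method and a control-character test for the target. The method, target and host values are constructed for the demo.

```python
"""Request-line CRLF injection and its mitigation, added example."""
import re

# RFC 7230 "tchar": the only characters an HTTP method token may contain.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Anything that can terminate or split the request line.
_CTRL_RE = re.compile(r"[\r\n\x00 \t]")


def build_request_vulnerable(method, target, host):
    """Serialize without validation: whatever is in method/target hits the wire.

    This mirrors the unpatched behaviour, where putrequest() trusted its
    arguments and a caller-supplied "\r\n" produced additional header lines."""
    return (f"{method} {target} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            f"Connection: close\r\n\r\n").encode("latin-1")


def build_request_hardened(method, target, host):
    """Reject a method that is not a token or a target with control characters."""
    if not _TOKEN_RE.fullmatch(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    if _CTRL_RE.search(target):
        raise ValueError("URL contains control characters or whitespace")
    return build_request_vulnerable(method, target, host)


def is_rejected(method, target, host):
    """True when the hardened builder refuses the input."""
    try:
        build_request_hardened(method, target, host)
    except ValueError:
        return True
    return False


def header_lines(raw):
    """Request line plus header lines as a server would read them off the socket."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.decode("latin-1").split("\r\n")


if __name__ == "__main__":
    host = "example.test"
    # Constructed attacker input: a query string that closes the request
    # line, adds a header, and starts a second request.
    evil_target = "/search?q=1 HTTP/1.1\r\nX-Injected: yes\r\nGET /admin"
    # Constructed attacker input: a method carrying the same payload.
    evil_method = "GET /search?q=1 HTTP/1.1\r\nX-Injected: yes\r\nGET"

    for line in header_lines(build_request_vulnerable("GET", evil_target, host)):
        print("vulnerable wire line:", line)
    for method, target in (("GET", evil_target), (evil_method, "/search")):
        print("hardened rejects:", is_rejected(method, target, host))
    print("clean request accepted:", not is_rejected("GET", "/search?q=1", host))
```

The payload reaches the wire only when the library lets raw caller input into the request line; in the labs, URLs and methods that come from user input (the SSRF, URL redirection and RFI exercises are the obvious places) are where an unpatched urllib3 would be reachable. Validating before serialization is the fix; percent-encoding the target on the way in is the other half, since a URL that was properly encoded never contains a bare CR or LF.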

CVE-2023-43804

Vulnerable Library - urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: /python/LFI-3/requirements.txt

Path to vulnerable library: /python/LFI-3/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/Formula-injection/requirements.txt,/python/X-allow-origin/requirements.txt,/python/JWT-secret/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/CMD-Blind/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/CMD3/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/JWT-null/requirements.txt,/python/HTML-injection/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/SSRF/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/RFI/requirements.txt,/python/IDOR/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/File-upload/requirements.txt,/python/SSTI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Content-type/requirements.txt,/python/user-registration-process/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/CMD4/requirements.txt,/python/DoS-regex/requirements.txt,/python/CSRF-weak/requirements.txt,/python/SQLI/requirements.txt,/python/XSS-attribute/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/NoSQL/requirements.txt,/python/LFI-2/requirements.txt,/python/LFI/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CSP/requirements.txt,/python/SQLI-like/requirements.txt,/python/XSS-DOM/requirements.txt,/python/XSS/requirements.txt,/python/Url-redirection/requirements.txt,/python/Auth-bypass/requirements.txt,/python/CMD2/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/CSTI/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Ldap-injection/requirements.txt,/python/DES-Yaml/requirements.txt,/python/XSS-url/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/RTLO/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/RaceCondition/requirements.txt,/python/XXE/requirements.txt,/python/SQLI-blind/requirements.txt,/python/CSSI/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Root Library)
    • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

Publish Date: 2023-10-04

URL: CVE-2023-43804

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-43804

Release Date: 2023-10-04

Fix Resolution (urllib3): 1.26.17

Direct dependency fix Resolution (requests): 2.25.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-35195

Vulnerable Library - requests-2.19.1-py2.py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl

Path to dependency file: /python/RTLO/requirements.txt

Path to vulnerable library: /python/RTLO/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/CORS/requirements.txt,/python/LFI/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/JWT-secret/requirements.txt,/python/Threat-modeling/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/http-response-splitting/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/DES-Pickle/requirements.txt,/python/CMD3/requirements.txt,/python/Content-type/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection/requirements.txt,/python/XSS-url/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/CSRF-weak/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/DES-Yaml/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/RFI/requirements.txt,/python/File-upload/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/CMD-Blind/requirements.txt,/python/SQLI/requirements.txt,/python/Url-redirection/requirements.txt,/python/IDOR/requirements.txt,/python/X-allow-origin/requirements.txt,/python/NoSQL/requirements.txt,/python/DoS-regex/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Auth-bypass/requirements.txt,/python/SSRF/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/CSTI/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/CMD4/requirements.txt,/python/JWT-null/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/CMD2/requirements.txt,/python/CMD/requirements.txt,/python/Formula-injection/requirements.txt,/python/client-side-restriction-bypass/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/user-registration-process/requirements.txt,/python/XSS/requirements.txt,/python/CSSI/requirements.txt,/python/XSS-DOM/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/LFI-3/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/SQLI-like/requirements.txt,/python/HTML-injection/requirements.txt,/python/CSP/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/XXE/requirements.txt

Dependency Hierarchy:

  • requests-2.19.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Publish Date: 2024-05-20

URL: CVE-2024-35195

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-9wx4-h78v-vm56

Release Date: 2024-05-20

Fix Resolution: 2.32.0

⛑️ Automatic Remediation will be attempted for this issue.


lodash-4.6.1.tgz: 7 vulnerabilities (highest severity is: 9.1)

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (lodash version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2019-10744 | Critical | 9.1 | lodash-4.6.1.tgz | Direct | 4.17.12 | |
| CVE-2020-8203 | High | 7.4 | lodash-4.6.1.tgz | Direct | 4.17.9 | |
| CVE-2021-23337 | High | 7.2 | lodash-4.6.1.tgz | Direct | 4.17.21 | |
| CVE-2019-1010266 | Medium | 6.5 | lodash-4.6.1.tgz | Direct | 4.17.11 | |
| CVE-2018-3721 | Medium | 6.5 | lodash-4.6.1.tgz | Direct | 4.17.5 | |
| CVE-2018-16487 | Medium | 5.6 | lodash-4.6.1.tgz | Direct | 4.17.11 | |
| CVE-2020-28500 | Medium | 5.3 | lodash-4.6.1.tgz | Direct | 4.17.21 | |

**In some cases, a remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2019-10744

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Publish Date: 2019-07-25

URL: CVE-2019-10744

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-jf85-cpcp-j695

Release Date: 2019-07-25

Fix Resolution: 4.17.12

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-8203

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1523

Release Date: 2020-07-15

Fix Resolution: 4.17.9

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-23337

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-35jh-r3h4-6jhm

Release Date: 2021-02-15

Fix Resolution: 4.17.21

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-1010266

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

Publish Date: 2019-07-17

URL: CVE-2019-1010266

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2019-07-17

Fix Resolution: 4.17.11

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-3721

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.
Mend Note: Converted from WS-2019-0184, on 2022-11-08.

Publish Date: 2018-04-26

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1067

Release Date: 2018-04-26

Fix Resolution: 4.17.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-16487

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/380873

Release Date: 2019-02-01

Fix Resolution: 4.17.11

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-28500

Vulnerable Library - lodash-4.6.1.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz

Path to dependency file: /nodeJs/Prototype-Pollution/package.json

Path to vulnerable library: /nodeJs/Prototype-Pollution/package.json

Dependency Hierarchy:

  • lodash-4.6.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

Release Date: 2021-02-15

Fix Resolution: 4.17.21

⛑️ Automatic Remediation will be attempted for this issue.


jquery-3.1.1.min.js: 3 vulnerabilities (highest severity is: 6.9)

Vulnerable Library - jquery-3.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium | 6.9 | jquery-3.1.1.min.js | Direct | jquery - 3.5.0; jquery-rails - 4.4.0 | |
| CVE-2020-11022 | Medium | 6.9 | jquery-3.1.1.min.js | Direct | jQuery - 3.5.0 | |
| CVE-2019-11358 | Medium | 6.1 | jquery-3.1.1.min.js | Direct | jquery - 3.4.0 | |

**In some cases, a remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2020-11023

Vulnerable Library - jquery-3.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/m
ain/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js

Dependency Hierarchy:

  • jquery-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing `<option>` elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6, https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0; jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-3.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js

Dependency Hierarchy:

  • jquery-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2019-11358

Vulnerable Library - jquery-3.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js

Dependency Hierarchy:

  • jquery-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.

Publish Date: 2019-04-19

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

sqlite3-5.0.2.tgz: 11 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - sqlite3-5.0.2.tgz

Asynchronous, non-blocking SQLite3 bindings

Library home page: https://registry.npmjs.org/sqlite3/-/sqlite3-5.0.2.tgz

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (sqlite3 version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-3918 | Critical | 9.8 | json-schema-0.2.3.tgz | Transitive | 5.0.3 | |
| CVE-2021-37713 | High | 8.2 | tar-2.2.2.tgz | Transitive | 5.0.3 | |
| CVE-2021-37712 | High | 8.2 | tar-2.2.2.tgz | Transitive | 5.0.3 | |
| CVE-2021-37701 | High | 8.2 | tar-2.2.2.tgz | Transitive | 5.0.3 | |
| CVE-2021-32804 | High | 8.2 | tar-2.2.2.tgz | Transitive | 5.0.3 | |
| CVE-2021-32803 | High | 8.2 | tar-2.2.2.tgz | Transitive | 5.0.3 | |
| CVE-2022-43441 | High | 8.1 | sqlite3-5.0.2.tgz | Direct | 5.1.5 | |
| CVE-2022-24999 | High | 7.5 | qs-6.5.2.tgz | Transitive | 5.0.3 | |
| CVE-2022-21227 | High | 7.5 | sqlite3-5.0.2.tgz | Direct | 5.0.3 | |
| CVE-2024-28863 | Medium | 6.5 | tar-2.2.2.tgz | Transitive | N/A* | |
| CVE-2022-25883 | Medium | 5.3 | semver-5.3.0.tgz | Transitive | 5.0.3 | |

*For some transitive vulnerabilities, there is no version of the direct dependency that contains a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

CVE-2021-3918

Vulnerable Library - json-schema-0.2.3.tgz

JSON Schema validation and specifications

Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • request-2.88.2.tgz
        • http-signature-1.2.0.tgz
          • jsprim-1.4.1.tgz
            • json-schema-0.2.3.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Publish Date: 2021-11-13

URL: CVE-2021-3918

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918

Release Date: 2021-11-13

Fix Resolution (json-schema): 0.4.0

Direct dependency fix Resolution (sqlite3): 5.0.3

CVE-2021-37713

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /nodeJs/CSRF-samesite/package.json

Path to vulnerable library: /nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain .. path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as C:some\path. If the drive letter does not match the extraction target, for example D:\extraction\dir, then the result of path.resolve(extractionDirectory, entryPath) would resolve against the current working directory on the C: drive, rather than the extraction target directory. Additionally, a .. portion of the path could occur immediately after the drive letter, such as C:../foo, and was not properly sanitized by the logic that checked for .. within the normalized and split portions of the path. This only affects users of node-tar on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.

Publish Date: 2021-08-31

URL: CVE-2021-37713

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-5955-9wpr-37jh

Release Date: 2021-08-31

Fix Resolution (tar): 4.4.18

Direct dependency fix Resolution (sqlite3): 5.0.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-37712

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /nodeJs/CSRF-samesite/package.json

Path to vulnerable library: /nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.

Publish Date: 2021-08-31

URL: CVE-2021-37712

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-qq89-hq3f-393p

Release Date: 2021-08-31

Fix Resolution (tar): 4.4.18

Direct dependency fix Resolution (sqlite3): 5.0.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-37701

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /nodeJs/CSRF-samesite/package.json

Path to vulnerable library: /nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both \ and / characters as path separators; however, \ is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at FOO, followed by a symbolic link named foo, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but not from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the FOO directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.

Publish Date: 2021-08-31

URL: CVE-2021-37701

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-9r2w-394v-53qc

Release Date: 2021-08-31

Fix Resolution (tar): 4.4.16

Direct dependency fix Resolution (sqlite3): 5.0.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-32804

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /nodeJs/CSRF-samesite/package.json

Path to vulnerable library: /nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example /home/user/.bashrc would turn into home/user/.bashrc. This logic was insufficient when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.2, 4.4.14, 5.0.6 and 6.1.1. Users may work around this vulnerability without upgrading by creating a custom onentry method which sanitizes the entry.path or a filter method which removes entries with absolute paths. See the referenced GitHub Advisory for details. Be aware of CVE-2021-32803 which fixes a similar bug in later versions of tar.

Publish Date: 2021-08-03

URL: CVE-2021-32804

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-3jfq-g458-7qm9

Release Date: 2021-08-03

Fix Resolution (tar): 3.2.2

Direct dependency fix Resolution (sqlite3): 5.0.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-32803

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /nodeJs/CSRF-samesite/package.json

Path to vulnerable library: /nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the node-tar directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where node-tar's symlink checks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.

Publish Date: 2021-08-03

URL: CVE-2021-32803

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-r628-mhmh-qjhw

Release Date: 2021-08-03

Fix Resolution (tar): 3.2.3

Direct dependency fix Resolution (sqlite3): 5.0.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-43441

Vulnerable Library - sqlite3-5.0.2.tgz

Asynchronous, non-blocking SQLite3 bindings

Library home page: https://registry.npmjs.org/sqlite3/-/sqlite3-5.0.2.tgz

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

Publish Date: 2023-03-16

URL: CVE-2022-43441

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-jqv5-7xpx-qj74

Release Date: 2023-03-16

Fix Resolution: 5.1.5

CVE-2022-24999

Vulnerable Library - qs-6.5.2.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.5.2.tgz

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • request-2.88.2.tgz
        • qs-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).

Publish Date: 2022-11-26

URL: CVE-2022-24999

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-24999

Release Date: 2022-11-26

Fix Resolution (qs): 6.5.3

Direct dependency fix Resolution (sqlite3): 5.0.3

CVE-2022-21227

Vulnerable Library - sqlite3-5.0.2.tgz

Asynchronous, non-blocking SQLite3 bindings

Library home page: https://registry.npmjs.org/sqlite3/-/sqlite3-5.0.2.tgz

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS): it invokes the toString function of the passed parameter, and if passed an invalid Function object it will throw and crash the V8 engine.

Publish Date: 2022-05-01

URL: CVE-2022-21227

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-9qrh-qjmc-5w2p

Release Date: 2022-05-01

Fix Resolution: 5.0.3

CVE-2024-28863

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /nodeJs/CSRF-samesite/package.json

Path to vulnerable library: /nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it, using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

Publish Date: 2024-03-21

URL: CVE-2024-28863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-f5x3-32g6-xq36

Release Date: 2024-03-21

Fix Resolution: tar - 6.2.1

CVE-2022-25883

Vulnerable Library - semver-5.3.0.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-5.3.0.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CORS/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json

Dependency Hierarchy:

  • sqlite3-5.0.2.tgz (Root Library)
    • node-pre-gyp-0.11.0.tgz
      • semver-5.3.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Publish Date: 2023-06-21

URL: CVE-2022-25883

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: GHSA-c2qf-rxjj-qqgw

Release Date: 2023-06-21

Fix Resolution (semver): 5.7.2

Direct dependency fix Resolution (sqlite3): 5.0.3

⛑️ Automatic Remediation will be attempted for this issue.


Flask-1.0.2-py2.py3-none-any.whl: 1 vulnerability (highest severity is: 7.5)

Vulnerable Library - Flask-1.0.2-py2.py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/7f/e7/08578774ed4536d3242b14dacb4696386634607af824ea997202cd0edb4b/Flask-1.0.2-py2.py3-none-any.whl

Path to dependency file: /python/SSTI/requirements.txt

Path to vulnerable library: /python/SSTI/requirements.txt,/python/CORS/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Flask version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-30861 | High | 7.5 | Flask-1.0.2-py2.py3-none-any.whl | Direct | flask - 2.2.5,2.3.2 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-30861

Vulnerable Library - Flask-1.0.2-py2.py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/7f/e7/08578774ed4536d3242b14dacb4696386634607af824ea997202cd0edb4b/Flask-1.0.2-py2.py3-none-any.whl

Path to dependency file: /python/SSTI/requirements.txt

Path to vulnerable library: /python/SSTI/requirements.txt,/python/CORS/requirements.txt

Dependency Hierarchy:

  • Flask-1.0.2-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

  1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
  2. The application sets session.permanent = True
  3. The application does not access or modify the session at any point during a request.
  4. SESSION_REFRESH_EACH_REQUEST enabled (the default).
  5. The application does not set a Cache-Control header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the Vary: Cookie header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.

Publish Date: 2023-05-02

URL: CVE-2023-30861

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-30861

Release Date: 2023-05-02

Fix Resolution: flask - 2.2.5,2.3.2

⛑️ Automatic Remediation will be attempted for this issue.


spring-boot-starter-web-2.6.5-SNAPSHOT.jar: 22 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-web-2.6.5-SNAPSHOT.jar

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-starter-web version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-1000027 | Critical | 9.8 | spring-web-5.3.17.jar | Transitive | N/A* | |
| CVE-2024-22262 | High | 8.1 | spring-web-5.3.17.jar | Transitive | N/A* | |
| CVE-2024-22259 | High | 8.1 | spring-web-5.3.17.jar | Transitive | N/A* | |
| CVE-2024-22243 | High | 8.1 | spring-web-5.3.17.jar | Transitive | N/A* | |
| CVE-2024-34750 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2024-24549 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2024-23672 | High | 7.5 | tomcat-embed-websocket-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-46589 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-44487 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-24998 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-20860 | High | 7.5 | spring-webmvc-5.3.17.jar | Transitive | N/A* | |
| CVE-2022-45143 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2022-42252 | High | 7.5 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2022-42004 | High | 7.5 | jackson-databind-2.13.2.jar | Transitive | N/A* | |
| CVE-2022-42003 | High | 7.5 | jackson-databind-2.13.2.jar | Transitive | N/A* | |
| CVE-2020-36518 | High | 7.5 | jackson-databind-2.13.2.jar | Transitive | N/A* | |
| CVE-2024-38809 | Medium | 6.5 | spring-web-5.3.17.jar | Transitive | N/A* | |
| CVE-2023-41080 | Medium | 6.1 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-45648 | Medium | 5.3 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-42795 | Medium | 5.3 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2023-28708 | Medium | 4.3 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |
| CVE-2021-43980 | Low | 3.7 | tomcat-embed-core-9.0.60.jar | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2016-1000027

Vulnerable Library - spring-web-5.3.17.jar

Spring Web

Library home page: https://github.com/spring-projects/

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • spring-web-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution: org.springframework:spring-web:6.0.0

CVE-2024-22262

Vulnerable Library - spring-web-5.3.17.jar

Spring Web

Library home page: https://github.com/spring-projects/

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • spring-web-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-04-16

URL: CVE-2024-22262

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22262

Release Date: 2024-04-16

Fix Resolution: org.springframework:spring-web:5.3.34;6.0.19,6.1.6

CVE-2024-22259

Vulnerable Library - spring-web-5.3.17.jar

Spring Web

Library home page: https://github.com/spring-projects/

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • spring-web-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-03-16

URL: CVE-2024-22259

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22259

Release Date: 2024-03-16

Fix Resolution: org.springframework:spring-web:5.3.33,6.0.18,6.1.5

CVE-2024-22243

Vulnerable Library - spring-web-5.3.17.jar

Spring Web

Library home page: https://github.com/spring-projects/

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • spring-web-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Publish Date: 2024-02-23

URL: CVE-2024-22243

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22243

Release Date: 2024-02-23

Fix Resolution: org.springframework:spring-web:5.3.32,6.0.17,6.1.4

CVE-2024-34750

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.

Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

Publish Date: 2024-07-03

URL: CVE-2024-34750

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

Release Date: 2024-07-03

Fix Resolution: org.apache.tomcat:tomcat-coyote:9.0.90,10.1.25,11.0.0-M21, org.apache.tomcat.embed:tomcat-embed-core:9.0.90,10.1.25,11.0.0-M21

CVE-2024-24549

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Publish Date: 2024-03-13

URL: CVE-2024-24549

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

Release Date: 2024-03-13

Fix Resolution: org.apache.tomcat:tomcat-coyote:8.5.99,9.0.86,10.1.19,11.0.0-M17, org.apache.tomcat.embed:tomcat-embed-core:8.5.99,9.0.86,10.1.19,11.0.0-M17

CVE-2024-23672

Vulnerable Library - tomcat-embed-websocket-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-websocket-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Publish Date: 2024-03-13

URL: CVE-2024-23672

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2024-03-13

Fix Resolution: org.apache.tomcat:tomcat-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17, org.apache.tomcat.embed:tomcat-embed-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17

CVE-2023-46589

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Publish Date: 2023-11-28

URL: CVE-2023-46589

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-11.html

Release Date: 2023-11-28

Fix Resolution: org.apache.tomcat:tomcat-coyote:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat:tomcat-catalina:8.5.96,9.0.83,10.1.16,11.0.0-M11

CVE-2023-44487

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Publish Date: 2023-10-10

URL: CVE-2023-44487

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44487

Release Date: 2023-10-10

Fix Resolution: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3,v1.57.1,v1.58.3, kubernetes/kubernetes - v1.25.15,v1.26.10,v1.27.7,v1.28.3,v1.29.0, kubernetes/apimachinery - v0.25.15,v0.26.10,v0.27.7,v0.28.3,v0.29.0

CVE-2023-24998

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Publish Date: 2023-02-20

URL: CVE-2023-24998

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-10.html

Release Date: 2023-02-20

Fix Resolution: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3

CVE-2023-20860

Vulnerable Library - spring-webmvc-5.3.17.jar

Spring Web MVC

Path to dependency file: /java/ratelimiting/pom.xml

Path to vulnerable library: /java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/http-response-splitting/pom.xml,/java/cmd3/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-webmvc-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

Publish Date: 2023-03-27

URL: CVE-2023-20860

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2023/03/21/this-week-in-spring-march-21st-2023/

Release Date: 2023-03-27

Fix Resolution: org.springframework:spring-webmvc:5.3.26,6.0.7

CVE-2022-45143

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Mend Note: After conducting further research, Mend has determined that versions 10.0.x of org.apache.tomcat:tomcat-catalina are vulnerable to CVE-2022-45143.

Publish Date: 2023-01-03

URL: CVE-2022-45143

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rq2w-37h9-vg94

Release Date: 2023-01-03

Fix Resolution: org.apache.tomcat:tomcat-catalina:8.5.84,9.0.69,10.1.2, org.apache.tomcat.embed:tomcat-embed-core:8.5.84,9.0.69,10.1.2, org.apache.tomcat.experimental:tomcat-embed-programmatic:9.0.69,10.1.2

CVE-2022-42252

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

Publish Date: 2022-11-01

URL: CVE-2022-42252

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-p22x-g9px-3945

Release Date: 2022-11-01

Fix Resolution: org.apache.tomcat:tomcat:8.5.83,9.0.68,10.0.27,10.1.1

CVE-2022-42004

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • jackson-databind-2.13.2.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4

CVE-2022-42003

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • jackson-databind-2.13.2.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Mend Note: For 2.13.4.x, the vulnerability is fixed in 2.13.4.1. A micro-patch was added in 2.13.4.2 to address issues for Gradle users.

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jjjh-jjxp-wpff

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2

CVE-2020-36518

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • jackson-databind-2.13.2.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Publish Date: 2022-03-11

URL: CVE-2020-36518

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-03-11

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1

CVE-2024-38809

Vulnerable Library - spring-web-5.3.17.jar

Spring Web

Library home page: https://github.com/spring-projects/

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.6.5-SNAPSHOT.jar
      • spring-web-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Spring Framework is vulnerable to DoS via conditional HTTP requests. Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to a Denial of Service attack. All versions before 5.3.38, 6.0.23 and 6.1.12 are affected.

Publish Date: 2024-09-24

URL: CVE-2024-38809

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38809

Release Date: 2024-06-20

Fix Resolution: org.springframework:spring-web:5.3.38,6.0.23,6.1.12

CVE-2023-41080

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

Publish Date: 2023-08-25

URL: CVE-2023-41080

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f

Release Date: 2023-08-25

Fix Resolution: org.apache.tomcat:tomcat-catalina:8.5.93,9.0.80,10.1.13,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.93,9.0.80,10.1.13,11.0.0-M11

CVE-2023-45648

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

Publish Date: 2023-10-10

URL: CVE-2023-45648

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-45648

Release Date: 2023-10-10

Fix Resolution: org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12

CVE-2023-42795

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Publish Date: 2023-10-10

URL: CVE-2023-42795

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-42795

Release Date: 2023-10-10

Fix Resolution: org.apache.tomcat:tomcat-util - 8.5.94,10.1.14,11.0.0-M12,10.0.0-M1;org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,11.0.0-M12,10.1.14;org.apache.tomcat:tomcat-catalina - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12

CVE-2023-28708

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Publish Date: 2023-03-22

URL: CVE-2023-28708

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

Release Date: 2023-03-22

Fix Resolution: org.apache.tomcat:tomcat-catalina:8.5.86,9.0.72,10.1.6;org.apache.tomcat.embed:tomcat-embed-core:8.5.86,9.0.72,10.1.6

CVE-2021-43980

Vulnerable Library - tomcat-embed-core-9.0.60.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd2/pom.xml

Path to vulnerable library: /java/cmd2/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/cmd3/pom.xml,/java/file-upload/pom.xml,/java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.6.5-SNAPSHOT.jar
      • tomcat-embed-core-9.0.60.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

Publish Date: 2022-09-28

URL: CVE-2021-43980

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

Release Date: 2022-09-28

Fix Resolution: org.apache.tomcat:tomcat-coyote:8.5.78,9.0.62,10.0.20,10.1.0-M14

PyJWT-1.4.2-py2.py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.4)

Vulnerable Library - PyJWT-1.4.2-py2.py3-none-any.whl

JSON Web Token implementation in Python

Library home page: https://files.pythonhosted.org/packages/b8/9c/1973e3117d43527a42f2a8afbc81e48d69a537d6e2c39412049b1592d1e2/PyJWT-1.4.2-py2.py3-none-any.whl

Path to dependency file: /python/JWT-null/requirements.txt

Path to vulnerable library: /python/JWT-null/requirements.txt,/python/JWT-secret/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (PyJWT version) Remediation Possible**
CVE-2022-29217 High 7.4 PyJWT-1.4.2-py2.py3-none-any.whl Direct 2.4.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-29217

Vulnerable Library - PyJWT-1.4.2-py2.py3-none-any.whl

JSON Web Token implementation in Python

Library home page: https://files.pythonhosted.org/packages/b8/9c/1973e3117d43527a42f2a8afbc81e48d69a537d6e2c39412049b1592d1e2/PyJWT-1.4.2-py2.py3-none-any.whl

Path to dependency file: /python/JWT-null/requirements.txt

Path to vulnerable library: /python/JWT-null/requirements.txt,/python/JWT-secret/requirements.txt

Dependency Hierarchy:

  • PyJWT-1.4.2-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the signing algorithm that is used. The PyJWT library requires that the application chooses which algorithms are supported. The application can specify jwt.algorithms.get_default_algorithms() to get support for all algorithms, or specify a single algorithm. The issue is not that big, as algorithms=jwt.algorithms.get_default_algorithms() has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

Publish Date: 2022-05-24

URL: CVE-2022-29217

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29217

Release Date: 2022-05-24

Fix Resolution: 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

spring-boot-starter-web-2.7.0-SNAPSHOT.jar: 21 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-web-2.7.0-SNAPSHOT.jar

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (spring-boot-starter-web version) Remediation Possible**
CVE-2016-1000027 Critical 9.8 spring-web-5.3.20.jar Transitive N/A*
CVE-2024-22262 High 8.1 spring-web-5.3.20.jar Transitive N/A*
CVE-2024-22259 High 8.1 spring-web-5.3.20.jar Transitive N/A*
CVE-2024-22243 High 8.1 spring-web-5.3.20.jar Transitive N/A*
CVE-2024-38816 High 7.5 spring-webmvc-5.3.20.jar Transitive N/A*
CVE-2024-34750 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2024-24549 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2024-23672 High 7.5 tomcat-embed-websocket-9.0.63.jar Transitive N/A*
CVE-2023-46589 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2023-44487 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2023-24998 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2023-20860 High 7.5 spring-webmvc-5.3.20.jar Transitive N/A*
CVE-2022-45143 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2022-42252 High 7.5 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2022-42004 High 7.5 jackson-databind-2.13.3.jar Transitive N/A*
CVE-2022-42003 High 7.5 jackson-databind-2.13.3.jar Transitive N/A*
CVE-2024-38809 Medium 6.5 spring-web-5.3.20.jar Transitive N/A*
CVE-2023-41080 Medium 6.1 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2023-45648 Medium 5.3 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2023-42795 Medium 5.3 tomcat-embed-core-9.0.63.jar Transitive N/A*
CVE-2023-28708 Medium 4.3 tomcat-embed-core-9.0.63.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (19 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2016-1000027

Vulnerable Library - spring-web-5.3.20.jar

Spring Web

Path to dependency file: /java/racecondition/pom.xml

Path to vulnerable library: /java/racecondition/pom.xml,/java/xss-dom2/pom.xml,/java/graphql-idor/pom.xml,/java/csrf-weak/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csp/pom.xml,/java/parameter-binding/pom.xml,/java/xss/pom.xml,/java/sqli-like/pom.xml,/java/sqli-blind/pom.xml,/java/lfi3/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/credentials-guessing2/pom.xml,/java/des-java/pom.xml,/java/jwt-secret/pom.xml,/java/graphql-info-introspection/pom.xml,/java/untrusted-sources/pom.xml,/java/lfi/pom.xml,/java/sqli/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/rtlo/pom.xml,/java/graphql-mutation/pom.xml,/java/formula-injection/pom.xml,/java/auth-bypass-simple/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass2/pom.xml,/java/info-leakage-comments/pom.xml,/java/cmd-blind/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/xss-stored/pom.xml,/java/cssi/pom.xml,/java/cmd4/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/dos-regex/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/info-leakage-metadata/pom.xml,/java/content-type/pom.xml,/java/xss-dom/pom.xml,/java/url-redirection/pom.xml,/java/csrf-samesite/pom.xml,/java/ldap-injection/pom.xml,/java/csti/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/credentials-guessing1/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/csrf/pom.xml,/java/auth-bypass1/pom.xml,/java/cors/pom.xml,/java/sessionpuzzle/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • spring-web-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution: org.springframework:spring-web:6.0.0

CVE-2024-22262

Vulnerable Library - spring-web-5.3.20.jar

Spring Web

Path to dependency file: /java/racecondition/pom.xml

Path to vulnerable library: /java/racecondition/pom.xml,/java/xss-dom2/pom.xml,/java/graphql-idor/pom.xml,/java/csrf-weak/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csp/pom.xml,/java/parameter-binding/pom.xml,/java/xss/pom.xml,/java/sqli-like/pom.xml,/java/sqli-blind/pom.xml,/java/lfi3/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/credentials-guessing2/pom.xml,/java/des-java/pom.xml,/java/jwt-secret/pom.xml,/java/graphql-info-introspection/pom.xml,/java/untrusted-sources/pom.xml,/java/lfi/pom.xml,/java/sqli/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/rtlo/pom.xml,/java/graphql-mutation/pom.xml,/java/formula-injection/pom.xml,/java/auth-bypass-simple/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass2/pom.xml,/java/info-leakage-comments/pom.xml,/java/cmd-blind/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/xss-stored/pom.xml,/java/cssi/pom.xml,/java/cmd4/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/dos-regex/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/info-leakage-metadata/pom.xml,/java/content-type/pom.xml,/java/xss-dom/pom.xml,/java/url-redirection/pom.xml,/java/csrf-samesite/pom.xml,/java/ldap-injection/pom.xml,/java/csti/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/credentials-guessing1/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/csrf/pom.xml,/java/auth-bypass1/pom.xml,/java/cors/pom.xml,/java/sessionpuzzle/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • spring-web-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-04-16

URL: CVE-2024-22262

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22262

Release Date: 2024-04-16

Fix Resolution: org.springframework:spring-web:5.3.34;6.0.19,6.1.6

CVE-2024-22259

Vulnerable Library - spring-web-5.3.20.jar

Spring Web

Path to dependency file: /java/racecondition/pom.xml

Path to vulnerable library: /java/racecondition/pom.xml,/java/xss-dom2/pom.xml,/java/graphql-idor/pom.xml,/java/csrf-weak/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csp/pom.xml,/java/parameter-binding/pom.xml,/java/xss/pom.xml,/java/sqli-like/pom.xml,/java/sqli-blind/pom.xml,/java/lfi3/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/credentials-guessing2/pom.xml,/java/des-java/pom.xml,/java/jwt-secret/pom.xml,/java/graphql-info-introspection/pom.xml,/java/untrusted-sources/pom.xml,/java/lfi/pom.xml,/java/sqli/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/rtlo/pom.xml,/java/graphql-mutation/pom.xml,/java/formula-injection/pom.xml,/java/auth-bypass-simple/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass2/pom.xml,/java/info-leakage-comments/pom.xml,/java/cmd-blind/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/xss-stored/pom.xml,/java/cssi/pom.xml,/java/cmd4/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/dos-regex/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/info-leakage-metadata/pom.xml,/java/content-type/pom.xml,/java/xss-dom/pom.xml,/java/url-redirection/pom.xml,/java/csrf-samesite/pom.xml,/java/ldap-injection/pom.xml,/java/csti/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/credentials-guessing1/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/csrf/pom.xml,/java/auth-bypass1/pom.xml,/java/cors/pom.xml,/java/sessionpuzzle/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • spring-web-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-03-16

URL: CVE-2024-22259

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22259

Release Date: 2024-03-16

Fix Resolution: org.springframework:spring-web:5.3.33,6.0.18,6.1.5

CVE-2024-22243

Vulnerable Library - spring-web-5.3.20.jar

Spring Web

Path to dependency file: /java/racecondition/pom.xml

Path to vulnerable library: /java/racecondition/pom.xml,/java/xss-dom2/pom.xml,/java/graphql-idor/pom.xml,/java/csrf-weak/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csp/pom.xml,/java/parameter-binding/pom.xml,/java/xss/pom.xml,/java/sqli-like/pom.xml,/java/sqli-blind/pom.xml,/java/lfi3/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/credentials-guessing2/pom.xml,/java/des-java/pom.xml,/java/jwt-secret/pom.xml,/java/graphql-info-introspection/pom.xml,/java/untrusted-sources/pom.xml,/java/lfi/pom.xml,/java/sqli/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/rtlo/pom.xml,/java/graphql-mutation/pom.xml,/java/formula-injection/pom.xml,/java/auth-bypass-simple/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass2/pom.xml,/java/info-leakage-comments/pom.xml,/java/cmd-blind/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/xss-stored/pom.xml,/java/cssi/pom.xml,/java/cmd4/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/dos-regex/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/info-leakage-metadata/pom.xml,/java/content-type/pom.xml,/java/xss-dom/pom.xml,/java/url-redirection/pom.xml,/java/csrf-samesite/pom.xml,/java/ldap-injection/pom.xml,/java/csti/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/credentials-guessing1/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/csrf/pom.xml,/java/auth-bypass1/pom.xml,/java/cors/pom.xml,/java/sessionpuzzle/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • spring-web-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Publish Date: 2024-02-23

URL: CVE-2024-22243

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22243

Release Date: 2024-02-23

Fix Resolution: org.springframework:spring-web:5.3.32,6.0.17,6.1.4

CVE-2024-38816

Vulnerable Library - spring-webmvc-5.3.20.jar

Spring Web MVC

Path to dependency file: /java/csrf-samesite/pom.xml

Path to vulnerable library: /java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/formula-injection/pom.xml,/java/jwt-secret/pom.xml,/java/url-redirection/pom.xml,/java/cors/pom.xml,/java/url-redirection-harder/pom.xml,/java/ldap-injection-harder/pom.xml,/java/csti/pom.xml,/java/lfi/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/jwt-null/pom.xml,/java/xss-dom2/pom.xml,/java/cmd-blind/pom.xml,/java/auth-bypass1/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/racecondition/pom.xml,/java/cmd4/pom.xml,/java/ldap-injection/pom.xml,/java/parameter-binding/pom.xml,/java/xss-dom/pom.xml,/java/credentials-guessing2/pom.xml,/java/credentials-guessing1/pom.xml,/java/content-type/pom.xml,/java/sqli-like/pom.xml,/java/xss/pom.xml,/java/lfi3/pom.xml,/java/info-leakage-metadata/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-idor/pom.xml,/java/url-redirection-harder2/pom.xml,/java/csrf/pom.xml,/java/ssrf/pom.xml,/java/graphql-info-introspection/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/xss-url/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass-simple/pom.xml,/java/csrf-weak/pom.xml,/java/xss-stored/pom.xml,/java/sqli/pom.xml,/java/sqli-blind/pom.xml,/java/info-leakage-comments/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-mutation/pom.xml,/java/dos-regex/pom.xml,/java/session-hijacking-xss/pom.xml,/java/cssi/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-webmvc-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  • the web application uses RouterFunctions to serve static resources
  • resource handling is explicitly configured with a FileSystemResource location

However, malicious requests are blocked and rejected when any of the following is true:

Publish Date: 2024-09-13

URL: CVE-2024-38816

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38816

Release Date: 2024-09-13

Fix Resolution: org.springframework:spring-webflux:6.1.13, org.springframework:spring-webmvc:6.1.13

CVE-2024-34750

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.

Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

Publish Date: 2024-07-03

URL: CVE-2024-34750

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

Release Date: 2024-07-03

Fix Resolution: org.apache.tomcat:tomcat-coyote:9.0.90,10.1.25,11.0.0-M21, org.apache.tomcat.embed:tomcat-embed-core:9.0.90,10.1.25,11.0.0-M21

CVE-2024-24549

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Publish Date: 2024-03-13

URL: CVE-2024-24549

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

Release Date: 2024-03-13

Fix Resolution: org.apache.tomcat:tomcat-coyote:8.5.99,9.0.86,10.1.19,11.0.0-M17, org.apache.tomcat.embed:tomcat-embed-core:8.5.99,9.0.86,10.1.19,11.0.0-M17

CVE-2024-23672

Vulnerable Library - tomcat-embed-websocket-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/cmd/pom.xml

Path to vulnerable library: /java/cmd/pom.xml,/java/untrusted-sources/pom.xml,/java/formula-injection/pom.xml,/java/jwt-secret/pom.xml,/java/auth-bypass2/pom.xml,/java/csti/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/url-redirection/pom.xml,/java/csrf-samesite/pom.xml,/java/cssi/pom.xml,/java/graphql-injections/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/lfi2/pom.xml,/java/xss-url/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/csrf/pom.xml,/java/auth-bypass3/pom.xml,/java/auth-bypass1/pom.xml,/java/idor/pom.xml,/java/sessionpuzzle/pom.xml,/java/credentials-guessing1/pom.xml,/java/cmd-blind/pom.xml,/java/cors/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/des-java/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/ldap-injection/pom.xml,/java/lfi3/pom.xml,/java/url-redirection-harder2/pom.xml,/java/cmd4/pom.xml,/java/session-hijacking-xss/pom.xml,/java/dos-regex/pom.xml,/java/racecondition/pom.xml,/java/xss-stored/pom.xml,/java/csp/pom.xml,/java/info-leakage-metadata/pom.xml,/java/xss/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/auth-bypass-simple/pom.xml,/java/racecondition-file-write/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/lfi/pom.xml,/java/graphql-idor/pom.xml,/java/sqli/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-comments/pom.xml,/java/rtlo/pom.xml,/java/credentials-guessing2/pom.xml,/java/graphql-mutation/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-websocket-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Publish Date: 2024-03-13

URL: CVE-2024-23672

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2024-03-13

Fix Resolution: org.apache.tomcat:tomcat-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17 ,org.apache.tomcat.embed:tomcat-embed-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17

CVE-2023-46589

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Publish Date: 2023-11-28

URL: CVE-2023-46589

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-11.html

Release Date: 2023-11-28

Fix Resolution: org.apache.tomcat:tomcat-coyote:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.96,9.0.83,10.1.16,11.0.0-M11, org.apache.tomcat:tomcat-catalina:8.5.96,9.0.83,10.1.16,11.0.0-M11

CVE-2023-44487

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Publish Date: 2023-10-10

URL: CVE-2023-44487

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44487

Release Date: 2023-10-10

Fix Resolution: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3,v1.57.1,v1.58.3, kubernetes/kubernetes - v1.25.15,v1.26.10,v1.27.7,v1.28.3,v1.29.0, kubernetes/apimachinery - v0.25.15,v0.26.10,v0.27.7,v0.28.3,v0.29.0

CVE-2023-24998

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Publish Date: 2023-02-20

URL: CVE-2023-24998

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-10.html

Release Date: 2023-02-20

Fix Resolution: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3

CVE-2023-20860

Vulnerable Library - spring-webmvc-5.3.20.jar

Spring Web MVC

Path to dependency file: /java/csrf-samesite/pom.xml

Path to vulnerable library: /java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/formula-injection/pom.xml,/java/jwt-secret/pom.xml,/java/url-redirection/pom.xml,/java/cors/pom.xml,/java/url-redirection-harder/pom.xml,/java/ldap-injection-harder/pom.xml,/java/csti/pom.xml,/java/lfi/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/jwt-null/pom.xml,/java/xss-dom2/pom.xml,/java/cmd-blind/pom.xml,/java/auth-bypass1/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/racecondition/pom.xml,/java/cmd4/pom.xml,/java/ldap-injection/pom.xml,/java/parameter-binding/pom.xml,/java/xss-dom/pom.xml,/java/credentials-guessing2/pom.xml,/java/credentials-guessing1/pom.xml,/java/content-type/pom.xml,/java/sqli-like/pom.xml,/java/xss/pom.xml,/java/lfi3/pom.xml,/java/info-leakage-metadata/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-idor/pom.xml,/java/url-redirection-harder2/pom.xml,/java/csrf/pom.xml,/java/ssrf/pom.xml,/java/graphql-info-introspection/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/xss-url/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass-simple/pom.xml,/java/csrf-weak/pom.xml,/java/xss-stored/pom.xml,/java/sqli/pom.xml,/java/sqli-blind/pom.xml,/java/info-leakage-comments/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-mutation/pom.xml,/java/dos-regex/pom.xml,/java/session-hijacking-xss/pom.xml,/java/cssi/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-webmvc-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

Publish Date: 2023-03-27

URL: CVE-2023-20860

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2023/03/21/this-week-in-spring-march-21st-2023/

Release Date: 2023-03-27

Fix Resolution: org.springframework:spring-webmvc:5.3.26,6.0.7

CVE-2022-45143

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Mend Note: After conducting further research, Mend has determined that versions 10.0.x of org.apache.tomcat:tomcat-catalina are vulnerable to CVE-2022-45143.

Publish Date: 2023-01-03

URL: CVE-2022-45143

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-rq2w-37h9-vg94

Release Date: 2023-01-03

Fix Resolution: org.apache.tomcat:tomcat-catalina:8.5.84,9.0.69,10.1.2, org.apache.tomcat.embed:tomcat-embed-core:8.5.84,9.0.69,10.1.2, org.apache.tomcat.experimental:tomcat-embed-programmatic:9.0.69,10.1.2

CVE-2022-42252

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

Publish Date: 2022-11-01

URL: CVE-2022-42252

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-p22x-g9px-3945

Release Date: 2022-11-01

Fix Resolution: org.apache.tomcat:tomcat:8.5.83,9.0.68,10.0.27,10.1.1

CVE-2022-42004

Vulnerable Library - jackson-databind-2.13.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /java/lfi3/pom.xml

Path to vulnerable library: /java/lfi3/pom.xml,/java/csrf/pom.xml,/java/xss/pom.xml,/java/session-hijacking-xss/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-idor/pom.xml,/java/xss-url/pom.xml,/java/sessionpuzzle/pom.xml,/java/racecondition/pom.xml,/java/credentials-guessing1/pom.xml,/java/xss-dom/pom.xml,/java/xss-dom2/pom.xml,/java/content-type/pom.xml,/java/racecondition-file-write/pom.xml,/java/info-leakage-comments/pom.xml,/java/des-java/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/cors/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-injections/pom.xml,/java/dos-regex/pom.xml,/java/xss-stored/pom.xml,/java/lfi2/pom.xml,/java/cmd/pom.xml,/java/csrf-samesite/pom.xml,/java/csrf-weak/pom.xml,/java/sqli-blind/pom.xml,/java/csti/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/url-redirection/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/auth-bypass1/pom.xml,/java/rtlo/pom.xml,/java/cssi/pom.xml,/java/cmd-blind/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/auth-bypass2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/jwt-secret/pom.xml,/java/formula-injection/pom.xml,/java/ldap-injection/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/sqli/pom.xml,/java/lfi/pom.xml,/java/cmd4/pom.xml,/java/info-leakage-metadata/pom.xml,/java/graphql-info-introspection/pom.xml,/java/credentials-guessing2/pom.xml,/java/untrusted-sources/pom.xml,/java/jwt-null/pom.xml,/java/sqli-like/pom.xml,/java/parameter-binding/pom.xml,/java/ldap-injection-harder/pom.xml,/java/csp/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • jackson-databind-2.13.3.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4

CVE-2022-42003

Vulnerable Library - jackson-databind-2.13.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /java/lfi3/pom.xml

Path to vulnerable library: /java/lfi3/pom.xml,/java/csrf/pom.xml,/java/xss/pom.xml,/java/session-hijacking-xss/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-idor/pom.xml,/java/xss-url/pom.xml,/java/sessionpuzzle/pom.xml,/java/racecondition/pom.xml,/java/credentials-guessing1/pom.xml,/java/xss-dom/pom.xml,/java/xss-dom2/pom.xml,/java/content-type/pom.xml,/java/racecondition-file-write/pom.xml,/java/info-leakage-comments/pom.xml,/java/des-java/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/cors/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-injections/pom.xml,/java/dos-regex/pom.xml,/java/xss-stored/pom.xml,/java/lfi2/pom.xml,/java/cmd/pom.xml,/java/csrf-samesite/pom.xml,/java/csrf-weak/pom.xml,/java/sqli-blind/pom.xml,/java/csti/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/url-redirection/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/auth-bypass1/pom.xml,/java/rtlo/pom.xml,/java/cssi/pom.xml,/java/cmd-blind/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/auth-bypass2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/jwt-secret/pom.xml,/java/formula-injection/pom.xml,/java/ldap-injection/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/sqli/pom.xml,/java/lfi/pom.xml,/java/cmd4/pom.xml,/java/info-leakage-metadata/pom.xml,/java/graphql-info-introspection/pom.xml,/java/credentials-guessing2/pom.xml,/java/untrusted-sources/pom.xml,/java/jwt-null/pom.xml,/java/sqli-like/pom.xml,/java/parameter-binding/pom.xml,/java/ldap-injection-harder/pom.xml,/java/csp/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • jackson-databind-2.13.3.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Mend Note: For 2.13.4.x, the vulnerability is fixed in 2.13.4.1. A micro-patch was added in 2.13.4.2 to address issues for Gradle users.

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-jjjh-jjxp-wpff

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2

CVE-2024-38809

Vulnerable Library - spring-web-5.3.20.jar

Spring Web

Path to dependency file: /java/racecondition/pom.xml

Path to vulnerable library: /java/racecondition/pom.xml,/java/xss-dom2/pom.xml,/java/graphql-idor/pom.xml,/java/csrf-weak/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csp/pom.xml,/java/parameter-binding/pom.xml,/java/xss/pom.xml,/java/sqli-like/pom.xml,/java/sqli-blind/pom.xml,/java/lfi3/pom.xml,/java/lfi2/pom.xml,/java/graphql-injections/pom.xml,/java/credentials-guessing2/pom.xml,/java/des-java/pom.xml,/java/jwt-secret/pom.xml,/java/graphql-info-introspection/pom.xml,/java/untrusted-sources/pom.xml,/java/lfi/pom.xml,/java/sqli/pom.xml,/java/url-redirection-harder/pom.xml,/java/ssrf/pom.xml,/java/rtlo/pom.xml,/java/graphql-mutation/pom.xml,/java/formula-injection/pom.xml,/java/auth-bypass-simple/pom.xml,/java/racecondition-file-write/pom.xml,/java/auth-bypass2/pom.xml,/java/info-leakage-comments/pom.xml,/java/cmd-blind/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/xss-stored/pom.xml,/java/cssi/pom.xml,/java/cmd4/pom.xml,/java/url-redirection-harder2/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/dos-regex/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/info-leakage-metadata/pom.xml,/java/content-type/pom.xml,/java/xss-dom/pom.xml,/java/url-redirection/pom.xml,/java/csrf-samesite/pom.xml,/java/ldap-injection/pom.xml,/java/csti/pom.xml,/java/cmd/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/credentials-guessing1/pom.xml,/java/idor/pom.xml,/java/auth-bypass3/pom.xml,/java/csrf/pom.xml,/java/auth-bypass1/pom.xml,/java/cors/pom.xml,/java/sessionpuzzle/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-json-2.7.0-SNAPSHOT.jar
      • spring-web-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Spring Framework is vulnerable to DoS via a conditional HTTP request. Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to a Denial of Service attack. All versions before 5.3.38, 6.0.23 and 6.1.12 are affected.

Publish Date: 2024-09-24

URL: CVE-2024-38809

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38809

Release Date: 2024-06-20

Fix Resolution: org.springframework:spring-web:5.3.38,6.0.23,6.1.12

CVE-2023-41080

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

Publish Date: 2023-08-25

URL: CVE-2023-41080

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f

Release Date: 2023-08-25

Fix Resolution: org.apache.tomcat:tomcat-catalina:8.5.93,9.0.80,10.1.13,11.0.0-M11, org.apache.tomcat.embed:tomcat-embed-core:8.5.93,9.0.80,10.1.13,11.0.0-M11

CVE-2023-45648

Vulnerable Library - tomcat-embed-core-9.0.63.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-tomcat-2.7.0-SNAPSHOT.jar
      • tomcat-embed-core-9.0.63.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

Publish Date: 2023-10-10

URL: CVE-2023-45648

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-45648

Release Date: 2023-10-10

Fix Resolution: org.apache.tomcat.embed:tomcat-embed-core - 11.0.0-M12,8.5.94,9.0.81;org.apache.tomcat:tomcat-coyote - 8.5.94,10.0.0-M1,10.1.14,11.0.0-M12

spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar: 13 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-starter-thymeleaf version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-22965 | Critical | 9.8 | spring-beans-5.3.17.jar | Transitive | N/A* | |
| CVE-2022-1471 | High | 8.3 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2022-25857 | High | 7.5 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2023-20863 | Medium | 6.5 | spring-expression-5.3.17.jar | Transitive | N/A* | |
| CVE-2023-20861 | Medium | 6.5 | spring-expression-5.3.17.jar | Transitive | N/A* | |
| CVE-2022-38752 | Medium | 6.5 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2022-38751 | Medium | 6.5 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2022-38750 | Medium | 6.5 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2022-38749 | Medium | 6.5 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2022-41854 | Medium | 5.8 | snakeyaml-1.29.jar | Transitive | N/A* | |
| CVE-2022-22970 | Medium | 5.3 | detected in multiple dependencies | Transitive | N/A* | |
| CVE-2022-22968 | Medium | 5.3 | spring-context-5.3.17.jar | Transitive | N/A* | |
| CVE-2024-38808 | Medium | 4.3 | spring-expression-5.3.17.jar | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of the direct dependency with a fix. Check the "Details" section below to see if there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2022-22965

Vulnerable Library - spring-beans-5.3.17.jar

Spring Beans

Path to dependency file: /java/cmd3/pom.xml

Path to vulnerable library: /java/cmd3/pom.xml,/java/cmd2/pom.xml,/java/file-upload/pom.xml,/java/rfi/pom.xml,/java/http-response-splitting/pom.xml,/java/ratelimiting/pom.xml,/java/xxe/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-context-5.3.17.jar
          • spring-aop-5.3.17.jar
            • spring-beans-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.

Publish Date: 2022-04-01

URL: CVE-2022-22965

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Release Date: 2022-04-01

Fix Resolution: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18

CVE-2022-1471

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

SnakeYaml's Constructor() class does not restrict the types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

CVSS 3 Score Details (8.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution: org.yaml:snakeyaml:2.0

CVE-2022-25857

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nesting depth limit for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2023-20863

Vulnerable Library - spring-expression-5.3.17.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/xxe/pom.xml

Path to vulnerable library: /java/xxe/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/rfi/pom.xml,/java/http-response-splitting/pom.xml,/java/ratelimiting/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-context-5.3.17.jar
          • spring-expression-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions prior to 5.2.24.RELEASE, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-04-13

URL: CVE-2023-20863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20863

Release Date: 2023-04-13

Fix Resolution: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8

CVE-2023-20861

Vulnerable Library - spring-expression-5.3.17.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/xxe/pom.xml

Path to vulnerable library: /java/xxe/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/rfi/pom.xml,/java/http-response-splitting/pom.xml,/java/ratelimiting/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-context-5.3.17.jar
          • spring-expression-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-03-23

URL: CVE-2023-20861

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20861

Release Date: 2023-03-23

Fix Resolution: org.springframework:spring-expression:5.2.23.RELEASE,5.3.26,6.0.7

CVE-2022-38752

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38752

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.32

CVE-2022-38751

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38751

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-38750

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38750

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-38749

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38749

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-41854

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/http-response-splitting/pom.xml

Path to vulnerable library: /java/http-response-splitting/pom.xml,/java/xxe/pom.xml,/java/rfi/pom.xml,/java/ratelimiting/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

Publish Date: 2022-11-11

URL: CVE-2022-41854

CVSS 3 Score Details (5.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/

Release Date: 2022-11-11

Fix Resolution: org.yaml:snakeyaml:1.32

CVE-2022-22970

Vulnerable Libraries - spring-beans-5.3.17.jar, spring-core-5.3.17.jar

spring-beans-5.3.17.jar

Spring Beans

Path to dependency file: /java/cmd3/pom.xml

Path to vulnerable library: /java/cmd3/pom.xml,/java/cmd2/pom.xml,/java/file-upload/pom.xml,/java/rfi/pom.xml,/java/http-response-splitting/pom.xml,/java/ratelimiting/pom.xml,/java/xxe/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-context-5.3.17.jar
          • spring-aop-5.3.17.jar
            • spring-beans-5.3.17.jar (Vulnerable Library)

spring-core-5.3.17.jar

Spring Core

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-core-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Publish Date: 2022-05-12

URL: CVE-2022-22970

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-22970

Release Date: 2022-05-12

Fix Resolution: org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20

CVE-2022-22968

Vulnerable Library - spring-context-5.3.17.jar

Spring Context

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ratelimiting/pom.xml

Path to vulnerable library: /java/ratelimiting/pom.xml,/java/http-response-splitting/pom.xml,/java/cmd3/pom.xml,/java/rfi/pom.xml,/java/cmd2/pom.xml,/java/file-upload/pom.xml,/java/xxe/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-context-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Publish Date: 2022-04-14

URL: CVE-2022-22968

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-22968

Release Date: 2022-04-14

Fix Resolution: org.springframework:spring-context:5.2.21,5.3.19

CVE-2024-38808

Vulnerable Library - spring-expression-5.3.17.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/xxe/pom.xml

Path to vulnerable library: /java/xxe/pom.xml,/java/file-upload/pom.xml,/java/cmd3/pom.xml,/java/rfi/pom.xml,/java/http-response-splitting/pom.xml,/java/ratelimiting/pom.xml,/java/cmd2/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.6.5-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.6.5-SNAPSHOT.jar
      • spring-boot-2.6.5-SNAPSHOT.jar
        • spring-context-5.3.17.jar
          • spring-expression-5.3.17.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  • The application evaluates user-supplied SpEL expressions.

Publish Date: 2024-08-20

URL: CVE-2024-38808

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38808

Release Date: 2024-08-20

Fix Resolution: org.springframework:spring-expression:5.3.39

puma-3.12.1.gem: 10 vulnerabilities (highest severity is: 8.0)

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (puma version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-23634 | High | 8.0 | puma-3.12.1.gem | Direct | puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2 | |
| CVE-2021-29509 | High | 7.5 | puma-3.12.1.gem | Direct | puma - 4.3.8,5.3.1 | |
| CVE-2020-11076 | High | 7.5 | puma-3.12.1.gem | Direct | puma - 3.12.5;4.3.4 | |
| CVE-2023-40175 | High | 7.3 | puma-3.12.1.gem | Direct | puma - 5.6.7,6.3.1 | |
| CVE-2020-11077 | Medium | 6.8 | puma-3.12.1.gem | Direct | puma - 3.12.5,4.3.4 | |
| CVE-2020-5249 | Medium | 6.5 | puma-3.12.1.gem | Direct | puma - 3.12.4,4.3.3 | |
| CVE-2020-5247 | Medium | 6.5 | puma-3.12.1.gem | Direct | 3.12.3;4.3.2 | |
| CVE-2024-21647 | Medium | 5.9 | puma-3.12.1.gem | Direct | puma - 5.6.8,6.4.2 | |
| CVE-2019-16770 | Medium | 5.3 | puma-3.12.1.gem | Direct | v4.3.1 | |
| CVE-2021-41136 | Low | 3.7 | puma-3.12.1.gem | Direct | puma - 4.3.9, 5.5.1 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-23634

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability.

Publish Date: 2022-02-11

URL: CVE-2022-23634

CVSS 3 Score Details (8.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-29509

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A puma server which received more concurrent keep-alive connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in puma 4.3.8 and 5.3.1. Setting queue_requests false also fixes the issue. This is not advised when using puma without a reverse proxy, such as nginx or apache, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.

Publish Date: 2021-05-11

URL: CVE-2021-29509

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-q28m-8xjw-8vr5

Release Date: 2021-05-11

Fix Resolution: puma - 4.3.8,5.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11076

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

Publish Date: 2020-05-22

URL: CVE-2020-11076

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-x7jg-6pwg-fx5h

Release Date: 2020-05-22

Fix Resolution: puma - 3.12.5;4.3.4

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-40175

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Publish Date: 2023-08-18

URL: CVE-2023-40175

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-40175

Release Date: 2023-08-18

Fix Resolution: puma - 5.6.7,6.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11077

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

Publish Date: 2020-05-22

URL: CVE-2020-11077

CVSS 3 Score Details (6.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-w64w-qqph-5gxm

Release Date: 2020-05-22

Fix Resolution: puma - 3.12.5,4.3.4

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5249

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

Publish Date: 2020-03-02

URL: CVE-2020-5249

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5249

Release Date: 2020-03-02

Fix Resolution: puma - 3.12.4,4.3.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5247

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or \r, \n) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.

Publish Date: 2020-02-28

URL: CVE-2020-5247

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-84j7-475p-hp8v

Release Date: 2020-02-28

Fix Resolution: 3.12.3;4.3.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-21647

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

Publish Date: 2024-01-08

URL: CVE-2024-21647

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-21647

Release Date: 2024-01-08

Fix Resolution: puma - 5.6.8,6.4.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-16770

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

Publish Date: 2019-12-05

URL: CVE-2019-16770

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16770

Release Date: 2019-12-05

Fix Resolution: v4.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-41136

Vulnerable Library - puma-3.12.1.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-3.12.1.gem

Dependency Hierarchy:

  • puma-3.12.1.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with puma.

Publish Date: 2021-10-12

URL: CVE-2021-41136

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-48w2-rm65-62xx

Release Date: 2021-10-12

Fix Resolution: puma - 4.3.9, 5.5.1

⛑️ Automatic Remediation will be attempted for this issue.

jsonwebtoken-8.5.1.tgz: 3 vulnerabilities (highest severity is: 6.4)

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /nodeJs/JWT-null/package.json

Path to vulnerable library: /nodeJs/JWT-null/package.json,/nodeJs/JWT-secret/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jsonwebtoken version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-23540 | Medium | 6.4 | jsonwebtoken-8.5.1.tgz | Direct | 9.0.0 | |
| CVE-2022-23539 | Medium | 5.9 | jsonwebtoken-8.5.1.tgz | Direct | 9.0.0 | |
| CVE-2022-23541 | Medium | 5.0 | jsonwebtoken-8.5.1.tgz | Direct | 9.0.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-23540

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /nodeJs/JWT-null/package.json

Path to vulnerable library: /nodeJs/JWT-null/package.json,/nodeJs/JWT-secret/package.json

Dependency Hierarchy:

  • jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In versions <=8.5.1 of the jsonwebtoken library, the lack of an algorithm definition in the jwt.verify() function can lead to signature validation bypass, because verification defaults to the none algorithm. Users are affected if they do not specify algorithms in the jwt.verify() function. This issue has been fixed; please update to version 9.0.0, which removes the default support for the none algorithm in the jwt.verify() method. There will be no impact if you update to version 9.0.0 and you don't need to allow the none algorithm. If you need the 'none' algorithm, you have to explicitly specify that in the jwt.verify() options.

Publish Date: 2022-12-22

URL: CVE-2022-23540

CVSS 3 Score Details (6.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-23540

Release Date: 2022-12-22

Fix Resolution: 9.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-23539

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /nodeJs/JWT-null/package.json

Path to vulnerable library: /nodeJs/JWT-null/package.json,/nodeJs/JWT-secret/package.json

Dependency Hierarchy:

  • jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions <=8.5.1 of the jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed; please update to version 9.0.0. This version validates asymmetric key type and algorithm combinations. Please refer to the above-mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue signing or verifying tokens using invalid key type/algorithm combinations, you'll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.

Publish Date: 2022-12-22

URL: CVE-2022-23539

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-8cf7-32gw-wr33

Release Date: 2022-12-23

Fix Resolution: 9.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-23541

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /nodeJs/JWT-null/package.json

Path to vulnerable library: /nodeJs/JWT-null/package.json,/nodeJs/JWT-secret/package.json

Dependency Hierarchy:

  • jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of the jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with the symmetric HS256 algorithm. This can lead to successful validation of forged tokens. You are affected if your application supports both symmetric and asymmetric keys in its jwt.verify() implementation with the same key retrieval function. This issue has been patched; please update to version 9.0.0.

Publish Date: 2022-12-22

URL: CVE-2022-23541

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: GHSA-hjrf-2m68-5959

Release Date: 2022-12-22

Fix Resolution: 9.0.0

⛑️ Automatic Remediation will be attempted for this issue.

mongoose-6.1.6.tgz: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - mongoose-6.1.6.tgz

Mongoose MongoDB ODM

Library home page: https://registry.npmjs.org/mongoose/-/mongoose-6.1.6.tgz

Path to dependency file: /nodeJs/ParameterBinding/package.json

Path to vulnerable library: /nodeJs/ParameterBinding/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (mongoose version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-3696 | Critical | 9.8 | mongoose-6.1.6.tgz | Direct | 6.11.3 | |
| CVE-2022-2564 | Critical | 9.8 | mongoose-6.1.6.tgz | Direct | 6.4.6 | |
| CVE-2021-32050 | Medium | 4.2 | mongodb-4.2.2.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-3696

Vulnerable Library - mongoose-6.1.6.tgz

Mongoose MongoDB ODM

Library home page: https://registry.npmjs.org/mongoose/-/mongoose-6.1.6.tgz

Path to dependency file: /nodeJs/ParameterBinding/package.json

Path to vulnerable library: /nodeJs/ParameterBinding/package.json

Dependency Hierarchy:

  • mongoose-6.1.6.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

Publish Date: 2023-07-17

URL: CVE-2023-3696

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467/

Release Date: 2023-07-17

Fix Resolution: 6.11.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-2564

Vulnerable Library - mongoose-6.1.6.tgz

Mongoose MongoDB ODM

Library home page: https://registry.npmjs.org/mongoose/-/mongoose-6.1.6.tgz

Path to dependency file: /nodeJs/ParameterBinding/package.json

Path to vulnerable library: /nodeJs/ParameterBinding/package.json

Dependency Hierarchy:

  • mongoose-6.1.6.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

Publish Date: 2022-07-28

URL: CVE-2022-2564

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2564

Release Date: 2022-07-28

Fix Resolution: 6.4.6

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-32050

Vulnerable Library - mongodb-4.2.2.tgz

The official MongoDB driver for Node.js

Library home page: https://registry.npmjs.org/mongodb/-/mongodb-4.2.2.tgz

Path to dependency file: /nodeJs/ParameterBinding/package.json

Path to vulnerable library: /nodeJs/ParameterBinding/package.json

Dependency Hierarchy:

  • mongoose-6.1.6.tgz (Root Library)
    • mongodb-4.2.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).

Publish Date: 2023-08-29

URL: CVE-2021-32050

CVSS 3 Score Details (4.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-vxvm-qww3-2fh7

Release Date: 2023-08-29

Fix Resolution: mongodb - 3.6.10,4.17.0,5.8.0

⛑️ Automatic Remediation will be attempted for this issue.

libxmljs-0.19.7.tgz: 3 vulnerabilities (highest severity is: 8.1)

Vulnerable Library - libxmljs-0.19.7.tgz

libxml bindings for v8 javascript engine

Library home page: https://registry.npmjs.org/libxmljs/-/libxmljs-0.19.7.tgz

Path to dependency file: /nodeJs/XXE/package.json

Path to vulnerable library: /nodeJs/XXE/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (libxmljs version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-34392 | High | 8.1 | libxmljs-0.19.7.tgz | Direct | N/A | |
| CVE-2022-21144 | High | 7.5 | libxmljs-0.19.7.tgz | Direct | 0.19.8 | |
| CVE-2024-28863 | Medium | 6.5 | tar-4.4.19.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-34392

Vulnerable Library - libxmljs-0.19.7.tgz

libxml bindings for v8 javascript engine

Library home page: https://registry.npmjs.org/libxmljs/-/libxmljs-0.19.7.tgz

Path to dependency file: /nodeJs/XXE/package.json

Path to vulnerable library: /nodeJs/XXE/package.json

Dependency Hierarchy:

  • libxmljs-0.19.7.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

Publish Date: 2024-05-02

URL: CVE-2024-34392

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2022-21144

Vulnerable Library - libxmljs-0.19.7.tgz

libxml bindings for v8 javascript engine

Library home page: https://registry.npmjs.org/libxmljs/-/libxmljs-0.19.7.tgz

Path to dependency file: /nodeJs/XXE/package.json

Path to vulnerable library: /nodeJs/XXE/package.json

Dependency Hierarchy:

  • libxmljs-0.19.7.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

This affects all versions of the package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument, the V8 code will attempt to invoke the .toString method of the argument. If the argument's toString value is not a Function object, V8 will crash.

Publish Date: 2022-05-01

URL: CVE-2022-21144

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21144

Release Date: 2022-05-01

Fix Resolution: 0.19.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-28863

Vulnerable Library - tar-4.4.19.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-4.4.19.tgz

Path to dependency file: /nodeJs/Graphql-Introspection/package.json

Path to vulnerable library: /nodeJs/Graphql-Introspection/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/XXE/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/CORS/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Formula-Injection/package.json

Dependency Hierarchy:

  • libxmljs-0.19.7.tgz (Root Library)
    • node-pre-gyp-0.11.0.tgz
      • tar-4.4.19.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it, using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction into excessively deep sub-folders.

Publish Date: 2024-03-21

URL: CVE-2024-28863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-f5x3-32g6-xq36

Release Date: 2024-03-21

Fix Resolution: tar - 6.2.1

⛑️ Automatic Remediation will be attempted for this issue.

xlsx-0.17.5.tgz: 2 vulnerabilities (highest severity is: 7.8)

Vulnerable Library - xlsx-0.17.5.tgz

SheetJS Spreadsheet data parser and writer

Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.17.5.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (xlsx version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-30533 | High | 7.8 | xlsx-0.17.5.tgz | Direct | N/A | |
| CVE-2024-22363 | High | 7.5 | xlsx-0.17.5.tgz | Direct | N/A | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-30533

Vulnerable Library - xlsx-0.17.5.tgz

SheetJS Spreadsheet data parser and writer

Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.17.5.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json

Dependency Hierarchy:

  • xlsx-0.17.5.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.

Publish Date: 2023-04-24

URL: CVE-2023-30533

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2024-22363

Vulnerable Library - xlsx-0.17.5.tgz

SheetJS Spreadsheet data parser and writer

Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.17.5.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json

Dependency Hierarchy:

  • xlsx-0.17.5.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2024-04-05

URL: CVE-2024-22363

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

bootstrap-3.2.0.js: 6 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.2.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.js

Path to vulnerable library: /lab-template/static/js/bootstrap.js,/java/url-redirection-harder/src/main/resources/static/js/bootstrap.js,/python/Auth-bypass-1/static/js/bootstrap.js,/python/LFI-2/static/js/bootstrap.js,/python/Auth-bypass/static/js/bootstrap.js,/python/HTML-injection/static/js/bootstrap.js,/java/auth-bypass-simple/src/main/resources/static/js/bootstrap.js,/python/XSS-DOM-2/static/js/bootstrap.js,/c/32_bufferOverflow/static/js/bootstrap.js,/java/sqli-like/src/main/resources/static/js/bootstrap.js,/java/rtlo/src/main/resources/static/js/bootstrap.js,/java/ssrf/src/main/resources/static/js/bootstrap.js,/python/File-upload/static/js/bootstrap.js,/java/auth-bypass1/src/main/resources/static/js/bootstrap.js,/java/idor/src/main/resources/static/js/bootstrap.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/bootstrap.js,/java/credentials-guessing2/src/main/resources/static/js/bootstrap.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/bootstrap.js,/java/lfi2/src/main/resources/static/js/bootstrap.js,/java/lfi/src/main/resources/static/js/bootstrap.js,/python/LFI/static/js/bootstrap.js,/java/content-type/src/main/resources/static/js/bootstrap.js,/python/client-side-restriction-bypass-2/static/js/bootstrap.js,/java/graphql-mutation/src/main/resources/static/js/bootstrap.js,/java/des-java/src/main/resources/static/js/bootstrap.js,/python/info-leakeage-comments/static/js/bootstrap.js,/java/cmd4/src/main/resources/static/js/bootstrap.js,/java/csrf-weak/src/main/resources/static/js/bootstrap.js,/java/file-upload/src/main/resources/static/js/bootstrap.js,/python/XXE/static/js/bootstrap.js,/python/X-allow-origin/static/js/bootstrap.js,/python/Url-redirection-harder/static/js/bootstrap.js,/python/HTTP-desync-CLTE-backend-server/static/js/bootstrap.js,/python/info-leakeage-metadata/static/js/bootstrap.js,/java/sessionpuzzle/src/main/resources/static/js/bootstrap.js,/java/parameter-binding/src/main/resources/static/js/bootstrap.js,/python/CMD/static/js/bootstrap.js,/java/dos-regex/src/main/resources/static/js/bootstrap.js,/java/jwt-null/src/main/resources/static/js/bootstrap.js,/python/CORS/static/js/bootstrap.js,/java/racecondition-file-write/src/main/resources/static/js/bootstrap.js,/java/credentials-guessing1/src/main/resources/static/js/bootstrap.js,/nodeJs/Graphql-DOS/static/js/bootstrap.js,/java/lfi3/src/main/resources/static/js/bootstrap.js,/python/XSS-url/static/js/bootstrap.js,/java/client-side-restriction-bypass/src/main/resources/static/js/bootstrap.js,/java/csp/src/main/resources/static/js/bootstrap.js,/java/untrusted-sources/src/main/resources/static/js/bootstrap.js,/python/XSS-DOM/static/js/bootstrap.js,/python/CMD3/static/js/bootstrap.js,/python/CMD2/static/js/bootstrap.js,/java/xss-stored/src/main/resources/static/js/bootstrap.js,/python/client-side-restriction-bypass/static/js/bootstrap.js,/java/xss-dom/src/main/resources/static/js/bootstrap.js,/python/Attack-Server/static/js/bootstrap.js,/python/http-response-splitting/static/js/bootstrap.js,/python/RTLO/static/js/bootstrap.js,/java/xss/src/main/resources/static/js/bootstrap.js,/python/JWT-secret/static/js/bootstrap.js,/java/cmd3/src/main/resources/static/js/bootstrap.js,/python/weak-or-unenforced-username-policy/static/js/bootstrap.js,/python/Session-Management-2/static/js/bootstrap.js,/python/credentials-guessing-2/static/js/bootstrap.js,/java/jwt-secret/src/main/resources/static/js/bootstrap.js,/python/WebSocket-Message-Manipulation/static/js/bootstrap.js,/java/auth-bypass3/src/main/resources/static/js/bootstrap.js,/java/xss-url/src/main/resources/static/js/bootstrap.js,/java/cors/src/main/resources/static/js/bootstrap.js,/java/url-redirection/src/main/resources/static/js/bootstrap.js,/python/CSTI/static/js/bootstrap.js,/java/des-yaml/src/main/resources/static/js/bootstrap.js,/java/graphql-idor/src/main/resources/static/js/bootstrap.js,/python/weak-lock-out-mechanism/static/js/bootstrap.js,/python/Url-redirection-harder2/static/js/bootstrap.js,/java/ssti/src/main/resources/static/old/js/bootstrap.js,/python/session-hijacking-xss/static/js/bootstrap.js,/python/Ldap-injection-harder/static/js/bootstrap.js,/python/SQLI-login-bypass/static/js/bootstrap.js,/python/Ldap-injection/static/js/bootstrap.js,/java/info-leakage-metadata/src/main/resources/static/js/bootstrap.js,/python/graphql-dos-resource-exhaustion/static/js/bootstrap.js,/python/SSRF/static/js/bootstrap.js,/python/graphql-mutation/static/js/bootstrap.js,/python/Threat-modeling/static/js/bootstrap.js,/java/racecondition/src/main/resources/static/js/bootstrap.js,/nodeJs/Graphql-IDOR/static/js/bootstrap.js,/python/LFI-3/static/js/bootstrap.js,/java/csrf/src/main/resources/static/js/bootstrap.js,/java/csrf-samesite/src/main/resources/static/js/bootstrap.js,/java/csti/src/main/resources/static/js/bootstrap.js,/python/DoS-regex/static/js/bootstrap.js,/python/ratelimiting/static/js/bootstrap.js,/java/sqli/src/main/resources/static/js/bootstrap.js,/python/CSRF-weak/static/js/bootstrap.js,/python/Auth-bypass-2/static/js/bootstrap.js,/python/graphql-info-introspection/static/js/bootstrap.js,/python/CSRF/static/js/bootstrap.js,/java/ldap-injection/src/main/resources/static/js/bootstrap.js,/python/XSS-attribute/static/js/bootstrap.js,/java/cssi/src/main/resources/static/js/bootstrap.js,/python/SSTI/static/js/bootstrap.js,/python/Web-cache-poisoning/static/js/bootstrap.js,/python/DES-Pickle-2/static/js/bootstrap.js,/python/SQLI-blind/static/js/bootstrap.js,/java/info-leakage-comments/src/main/resources/static/js/bootstrap.js,/python/DES-Yaml/static/js/bootstrap.js,/java/graphql-injections/src/main/resources/static/js/bootstrap.js,/python/IDOR/static/js/bootstrap.js,/python/DNS-rebinding/static/js/bootstrap.js,/python/Untrusted-sources-js/static/js/bootstrap.js,/python/CSRF-SameSite/static/js/bootstrap.js,/python/user-registration-process/static/js/bootstrap.js,/python/SQLI-like/static/js/bootstrap.js,/python/JWT-null/static/js/bootstrap.js,/python/Auth-bypass-simple/static/js/bootstrap.js,/python/Unreferenced-files/static/js/bootstrap.js,/python/RaceCondition/static/js/bootstrap.js,/python/CMD-Blind/static/js/bootstrap.js,/python/account-provisioning-process/static/js/bootstrap.js,/java/session-hijacking-xss/src/main/resources/static/js/bootstrap.js,/python/NoSQL/static/js/bootstrap.js,/java/xxe/src/main/resources/static/js/bootstrap.js,/python/CSP/static/js/bootstrap.js,/java/url-redirection-harder2/src/main/resources/static/js/bootstrap.js,/python/graphql-injections/static/js/bootstrap.js,/python/RFI/static/js/bootstrap.js,/python/graphql-IDOR/static/js/bootstrap.js,/java/formula-injection/src/main/resources/static/js/bootstrap.js,/python/Content-type/static/js/bootstrap.js,/java/auth-bypass2/src/main/resources/static/js/bootstrap.js,/python/RaceCondition-file-write/static/js/bootstrap.js,/python/DES-Pickle/static/js/bootstrap.js,/python/Url-redirection/static/js/bootstrap.js,/java/xss-dom2/src/main/resources/static/js/bootstrap.js,/python/XSS/static/js/bootstrap.js,/java/cmd2/src/main/resources/static/js/bootstrap.js,/python/Host-Header-Authentication-Bypass/static/js/bootstrap.js,/python/Formula-injection/static/js/bootstrap.js,/python/credentials-guessing-1/static/js/bootstrap.js,/python/Session-Management-1/static/js/bootstrap.js,/java/ratelimiting/src/main/resources/static/js/bootstrap.js,/java/ssti/src/main/resources/static/js/bootstrap.js,/python/CMD4/static/js/bootstrap.js,/java/sqli-blind/src/main/resources/static/js/bootstrap.js,/python/Auth-bypass-3/static/js/bootstrap.js,/java/cmd-blind/src/main/resources/static/js/bootstrap.js,/python/TLS-downgrade/static/js/bootstrap.js,/python/SessionPuzzle/static/js/bootstrap.js,/java/graphql-info-introspection/src/main/resources/static/js/bootstrap.js,/java/ldap-injection-harder/src/main/resources/static/js/bootstrap.js,/java/http-response-splitting/src/main/resources/static/js/bootstrap.js,/python/CSSI/static/js/bootstrap.js,/java/rfi/src/main/resources/static/js/bootstrap.js,/java/cmd/src/main/resources/static/js/bootstrap.js,/python/SQLI/static/js/bootstrap.js

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2019-8331 | Medium | 6.1 | bootstrap-3.2.0.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | |
| CVE-2018-20677 | Medium | 6.1 | bootstrap-3.2.0.js | Direct | Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | |
| CVE-2018-20676 | Medium | 6.1 | bootstrap-3.2.0.js | Direct | bootstrap - 3.4.0 | |
| CVE-2018-14042 | Medium | 6.1 | bootstrap-3.2.0.js | Direct | bootstrap - 3.4.0,4.1.2 | |
| CVE-2016-10735 | Medium | 6.1 | bootstrap-3.2.0.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | |
| CVE-2018-14040 | Low | 3.7 | bootstrap-3.2.0.js | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (5 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2019-8331

Vulnerable Library - bootstrap-3.2.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.js

Path to vulnerable library: /lab-template/static/js/bootstrap.js,/java/url-redirection-harder/src/main/resources/static/js/bootstrap.js,/python/Auth-bypass-1/static/js/bootstrap.js,/python/LFI-2/static/js/bootstrap.js,/python/Auth-bypass/static/js/bootstrap.js,/python/HTML-injection/static/js/bootstrap.js,/java/auth-bypass-simple/src/main/resources/static/js/bootstrap.js,/python/XSS-DOM-2/static/js/bootstrap.js,/c/32_bufferOverflow/static/js/bootstrap.js,/java/sqli-like/src/main/resources/static/js/bootstrap.js,/java/rtlo/src/main/resources/static/js/bootstrap.js,/java/ssrf/src/main/resources/static/js/bootstrap.js,/python/File-upload/static/js/bootstrap.js,/java/auth-bypass1/src/main/resources/static/js/bootstrap.js,/java/idor/src/main/resources/static/js/bootstrap.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/bootstrap.js,/java/credentials-guessing2/src/main/resources/static/js/bootstrap.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/bootstrap.js,/java/lfi2/src/main/resources/static/js/bootstrap.js,/java/lfi/src/main/resources/static/js/bootstrap.js,/python/LFI/static/js/bootstrap.js,/java/content-type/src/main/resources/static/js/bootstrap.js,/python/client-side-restriction-bypass-2/static/js/bootstrap.js,/java/graphql-mutation/src/main/resources/static/js/bootstrap.js,/java/des-java/src/main/resources/static/js/bootstrap.js,/python/info-leakeage-comments/static/js/bootstrap.js,/java/cmd4/src/main/resources/static/js/bootstrap.js,/java/csrf-weak/src/main/resources/static/js/bootstrap.js,/java/file-upload/src/main/resources/static/js/bootstrap.js,/python/XXE/static/js/bootstrap.js,/python/X-allow-origin/static/js/bootstrap.js,/python/Url-redirection-harder/static/js/bootstrap.js,/python/HTTP-desync-CLTE-backend-server/static/js/bootstrap.js,/python/info-leakeage-metadata/static/js/bootstrap.js,/java/sessionpuzzle/src/main/resources/static/js/bootstrap.js,/java/parameter-binding/src/main/resources/static/js/bootstrap.js,/python/CMD/static/js/bootstrap.js,/java/dos-regex/src/main/resources/static/js/bootstrap.js,/java/jwt-null/src/main/resources/static/js/bootstrap.js,/python/CORS/static/js/bootstrap.js,/java/racecondition-file-write/src/main/resources/static/js/bootstrap.js,/java/credentials-guessing1/src/main/resources/static/js/bootstrap.js,/nodeJs/Graphql-DOS/static/js/bootstrap.js,/java/lfi3/src/main/resources/static/js/bootstrap.js,/python/XSS-url/static/js/bootstrap.js,/java/client-side-restriction-bypass/src/main/resources/static/js/bootstrap.js,/java/csp/src/main/resources/static/js/bootstrap.js,/java/untrusted-sources/src/main/resources/static/js/bootstrap.js,/python/XSS-DOM/static/js/bootstrap.js,/python/CMD3/static/js/bootstrap.js,/python/CMD2/static/js/bootstrap.js,/java/xss-stored/src/main/resources/static/js/bootstrap.js,/python/client-side-restriction-bypass/static/js/bootstrap.js,/java/xss-dom/src/main/resources/static/js/bootstrap.js,/python/Attack-Server/static/js/bootstrap.js,/python/http-response-splitting/static/js/bootstrap.js,/python/RTLO/static/js/bootstrap.js,/java/xss/src/main/resources/static/js/bootstrap.js,/python/JWT-secret/static/js/bootstrap.js,/java/cmd3/src/main/resources/static/js/bootstrap.js,/python/weak-or-unenforced-username-policy/static/js/bootstrap.js,/python/Session-Management-2/static/js/bootstrap.js,/python/credentials-guessing-2/static/js/bootstrap.js,/java/jwt-secret/src/main/resources/static/js/bootstrap.js,/python/WebSocket-Message-Manipulation/static/js/bootstrap.js,/java/auth-bypass3/src/main/resources/static/js/bootstrap.js,/java/xss-url/src/main/resources/static/js/bootstrap.js,/java/cors/src/main/resources/static/js/bootstrap.js,/java/url-redirection/src/main/resources/static/js/bootstrap.js,/python/CSTI/static/js/bootstrap.js,/java/des-yaml/src/main/resources/static/js/bootstrap.js,/java/graphql-idor/src/main/resources/static/js/bootstrap.js,/python/weak-lock-out-mechanism/static/js/bootstrap.js,/python/Url-redirection-harde
r2/static/js/bootstrap.js,/java/ssti/src/main/resources/static/old/js/bootstrap.js,/python/session-hijacking-xss/static/js/bootstrap.js,/python/Ldap-injection-harder/static/js/bootstrap.js,/python/SQLI-login-bypass/static/js/bootstrap.js,/python/Ldap-injection/static/js/bootstrap.js,/java/info-leakage-metadata/src/main/resources/static/js/bootstrap.js,/python/graphql-dos-resource-exhaustion/static/js/bootstrap.js,/python/SSRF/static/js/bootstrap.js,/python/graphql-mutation/static/js/bootstrap.js,/python/Threat-modeling/static/js/bootstrap.js,/java/racecondition/src/main/resources/static/js/bootstrap.js,/nodeJs/Graphql-IDOR/static/js/bootstrap.js,/python/LFI-3/static/js/bootstrap.js,/java/csrf/src/main/resources/static/js/bootstrap.js,/java/csrf-samesite/src/main/resources/static/js/bootstrap.js,/java/csti/src/main/resources/static/js/bootstrap.js,/python/DoS-regex/static/js/bootstrap.js,/python/ratelimiting/static/js/bootstrap.js,/java/sqli/src/main/resources/static/js/bootstrap.js,/python/CSRF-weak/static/js/bootstrap.js,/python/Auth-bypass-2/static/js/bootstrap.js,/python/graphql-info-introspection/static/js/bootstrap.js,/python/CSRF/static/js/bootstrap.js,/java/ldap-injection/src/main/resources/static/js/bootstrap.js,/python/XSS-attribute/static/js/bootstrap.js,/java/cssi/src/main/resources/static/js/bootstrap.js,/python/SSTI/static/js/bootstrap.js,/python/Web-cache-poisoning/static/js/bootstrap.js,/python/DES-Pickle-2/static/js/bootstrap.js,/python/SQLI-blind/static/js/bootstrap.js,/java/info-leakage-comments/src/main/resources/static/js/bootstrap.js,/python/DES-Yaml/static/js/bootstrap.js,/java/graphql-injections/src/main/resources/static/js/bootstrap.js,/python/IDOR/static/js/bootstrap.js,/python/DNS-rebinding/static/js/bootstrap.js,/python/Untrusted-sources-js/static/js/bootstrap.js,/python/CSRF-SameSite/static/js/bootstrap.js,/python/user-registration-process/static/js/bootstrap.js,/python/SQLI-like/static/js/bootstrap.js,/python/JWT-null/static/js/bootstrap
.js,/python/Auth-bypass-simple/static/js/bootstrap.js,/python/Unreferenced-files/static/js/bootstrap.js,/python/RaceCondition/static/js/bootstrap.js,/python/CMD-Blind/static/js/bootstrap.js,/python/account-provisioning-process/static/js/bootstrap.js,/java/session-hijacking-xss/src/main/resources/static/js/bootstrap.js,/python/NoSQL/static/js/bootstrap.js,/java/xxe/src/main/resources/static/js/bootstrap.js,/python/CSP/static/js/bootstrap.js,/java/url-redirection-harder2/src/main/resources/static/js/bootstrap.js,/python/graphql-injections/static/js/bootstrap.js,/python/RFI/static/js/bootstrap.js,/python/graphql-IDOR/static/js/bootstrap.js,/java/formula-injection/src/main/resources/static/js/bootstrap.js,/python/Content-type/static/js/bootstrap.js,/java/auth-bypass2/src/main/resources/static/js/bootstrap.js,/python/RaceCondition-file-write/static/js/bootstrap.js,/python/DES-Pickle/static/js/bootstrap.js,/python/Url-redirection/static/js/bootstrap.js,/java/xss-dom2/src/main/resources/static/js/bootstrap.js,/python/XSS/static/js/bootstrap.js,/java/cmd2/src/main/resources/static/js/bootstrap.js,/python/Host-Header-Authentication-Bypass/static/js/bootstrap.js,/python/Formula-injection/static/js/bootstrap.js,/python/credentials-guessing-1/static/js/bootstrap.js,/python/Session-Management-1/static/js/bootstrap.js,/java/ratelimiting/src/main/resources/static/js/bootstrap.js,/java/ssti/src/main/resources/static/js/bootstrap.js,/python/CMD4/static/js/bootstrap.js,/java/sqli-blind/src/main/resources/static/js/bootstrap.js,/python/Auth-bypass-3/static/js/bootstrap.js,/java/cmd-blind/src/main/resources/static/js/bootstrap.js,/python/TLS-downgrade/static/js/bootstrap.js,/python/SessionPuzzle/static/js/bootstrap.js,/java/graphql-info-introspection/src/main/resources/static/js/bootstrap.js,/java/ldap-injection-harder/src/main/resources/static/js/bootstrap.js,/java/http-response-splitting/src/main/resources/static/js/bootstrap.js,/python/CSSI/static/js/bootstrap.js,/java/rfi/src/main/
resources/static/js/bootstrap.js,/java/cmd/src/main/resources/static/js/bootstrap.js,/python/SQLI/static/js/bootstrap.js

Dependency Hierarchy:

  • bootstrap-3.2.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

CVE-2018-20677

Vulnerable Library - bootstrap-3.2.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.js

Path to vulnerable library: the same set of vendored bootstrap.js copies listed in the first entry above (one copy per lab under static/js).

Dependency Hierarchy:

  • bootstrap-3.2.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0 (the scanner also lists NorDroN.AngularTemplate 0.1.6, Dynamic.NET.Express.ProjectTemplates 0.8.0, dotnetng.template 1.0.0.4, ZNxtApp.Core.Module.Theme 1.0.9-Beta and JMeter 5.0.0; those are other packages that bundle Bootstrap and are not used by this repository, which vendors bootstrap.js directly)

CVE-2018-20676

Vulnerable Library - bootstrap-3.2.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.js

Path to vulnerable library: the same set of vendored bootstrap.js copies listed in the first entry above (one copy per lab under static/js).

Dependency Hierarchy:

  • bootstrap-3.2.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0

CVE-2018-14042

Vulnerable Library - bootstrap-3.2.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.js

Path to vulnerable library: the same set of vendored bootstrap.js copies listed in the first entry above (one copy per lab under static/js).

Dependency Hierarchy:

  • bootstrap-3.2.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: bootstrap - 3.4.0,4.1.2

CVE-2016-10735

Vulnerable Library - bootstrap-3.2.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/bootstrap.js

Path to vulnerable library: /lab-template/static/js/bootstrap.js,/java/url-redirection-harder/src/main/resources/static/js/bootstrap.js,/python/Auth-bypass-1/static/js/bootstrap.js,/python/LFI-2/static/js/bootstrap.js,/python/Auth-bypass/static/js/bootstrap.js,/python/HTML-injection/static/js/bootstrap.js,/java/auth-bypass-simple/src/main/resources/static/js/bootstrap.js,/python/XSS-DOM-2/static/js/bootstrap.js,/c/32_bufferOverflow/static/js/bootstrap.js,/java/sqli-like/src/main/resources/static/js/bootstrap.js,/java/rtlo/src/main/resources/static/js/bootstrap.js,/java/ssrf/src/main/resources/static/js/bootstrap.js,/python/File-upload/static/js/bootstrap.js,/java/auth-bypass1/src/main/resources/static/js/bootstrap.js,/java/idor/src/main/resources/static/js/bootstrap.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/bootstrap.js,/java/credentials-guessing2/src/main/resources/static/js/bootstrap.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/bootstrap.js,/java/lfi2/src/main/resources/static/js/bootstrap.js,/java/lfi/src/main/resources/static/js/bootstrap.js,/python/LFI/static/js/bootstrap.js,/java/content-type/src/main/resources/static/js/bootstrap.js,/python/client-side-restriction-bypass-2/static/js/bootstrap.js,/java/graphql-mutation/src/main/resources/static/js/bootstrap.js,/java/des-java/src/main/resources/static/js/bootstrap.js,/python/info-leakeage-comments/static/js/bootstrap.js,/java/cmd4/src/main/resources/static/js/bootstrap.js,/java/csrf-weak/src/main/resources/static/js/bootstrap.js,/java/file-upload/src/main/resources/static/js/bootstrap.js,/python/XXE/static/js/bootstrap.js,/python/X-allow-origin/static/js/bootstrap.js,/python/Url-redirection-harder/static/js/bootstrap.js,/python/HTTP-desync-CLTE-backend-server/static/js/bootstrap.js,/python/info-leakeage-metadata/static/js/bootstrap.js,/java/sessionpuzzle/src/main/resources/static/js/bootstrap.js,/java/parameter-binding/src/main/resources/static/js/bootstrap.js,/python/CMD/static/js/bootstrap.js,/java/dos-regex/src/main/resources/static/js/bootstrap.js,/java/jwt-null/src/main/resources/static/js/bootstrap.js,/python/CORS/static/js/bootstrap.js,/java/racecondition-file-write/src/main/resources/static/js/bootstrap.js,/java/credentials-guessing1/src/main/resources/static/js/bootstrap.js,/nodeJs/Graphql-DOS/static/js/bootstrap.js,/java/lfi3/src/main/resources/static/js/bootstrap.js,/python/XSS-url/static/js/bootstrap.js,/java/client-side-restriction-bypass/src/main/resources/static/js/bootstrap.js,/java/csp/src/main/resources/static/js/bootstrap.js,/java/untrusted-sources/src/main/resources/static/js/bootstrap.js,/python/XSS-DOM/static/js/bootstrap.js,/python/CMD3/static/js/bootstrap.js,/python/CMD2/static/js/bootstrap.js,/java/xss-stored/src/main/resources/static/js/bootstrap.js,/python/client-side-restriction-bypass/static/js/bootstrap.js,/java/xss-dom/src/main/resources/static/js/bootstrap.js,/python/Attack-Server/static/js/bootstrap.js,/python/http-response-splitting/static/js/bootstrap.js,/python/RTLO/static/js/bootstrap.js,/java/xss/src/main/resources/static/js/bootstrap.js,/python/JWT-secret/static/js/bootstrap.js,/java/cmd3/src/main/resources/static/js/bootstrap.js,/python/weak-or-unenforced-username-policy/static/js/bootstrap.js,/python/Session-Management-2/static/js/bootstrap.js,/python/credentials-guessing-2/static/js/bootstrap.js,/java/jwt-secret/src/main/resources/static/js/bootstrap.js,/python/WebSocket-Message-Manipulation/static/js/bootstrap.js,/java/auth-bypass3/src/main/resources/static/js/bootstrap.js,/java/xss-url/src/main/resources/static/js/bootstrap.js,/java/cors/src/main/resources/static/js/bootstrap.js,/java/url-redirection/src/main/resources/static/js/bootstrap.js,/python/CSTI/static/js/bootstrap.js,/java/des-yaml/src/main/resources/static/js/bootstrap.js,/java/graphql-idor/src/main/resources/static/js/bootstrap.js,/python/weak-lock-out-mechanism/static/js/bootstrap.js,/python/Url-redirection-harder2/static/js/bootstrap.js,/java/ssti/src/main/resources/static/old/js/bootstrap.js,/python/session-hijacking-xss/static/js/bootstrap.js,/python/Ldap-injection-harder/static/js/bootstrap.js,/python/SQLI-login-bypass/static/js/bootstrap.js,/python/Ldap-injection/static/js/bootstrap.js,/java/info-leakage-metadata/src/main/resources/static/js/bootstrap.js,/python/graphql-dos-resource-exhaustion/static/js/bootstrap.js,/python/SSRF/static/js/bootstrap.js,/python/graphql-mutation/static/js/bootstrap.js,/python/Threat-modeling/static/js/bootstrap.js,/java/racecondition/src/main/resources/static/js/bootstrap.js,/nodeJs/Graphql-IDOR/static/js/bootstrap.js,/python/LFI-3/static/js/bootstrap.js,/java/csrf/src/main/resources/static/js/bootstrap.js,/java/csrf-samesite/src/main/resources/static/js/bootstrap.js,/java/csti/src/main/resources/static/js/bootstrap.js,/python/DoS-regex/static/js/bootstrap.js,/python/ratelimiting/static/js/bootstrap.js,/java/sqli/src/main/resources/static/js/bootstrap.js,/python/CSRF-weak/static/js/bootstrap.js,/python/Auth-bypass-2/static/js/bootstrap.js,/python/graphql-info-introspection/static/js/bootstrap.js,/python/CSRF/static/js/bootstrap.js,/java/ldap-injection/src/main/resources/static/js/bootstrap.js,/python/XSS-attribute/static/js/bootstrap.js,/java/cssi/src/main/resources/static/js/bootstrap.js,/python/SSTI/static/js/bootstrap.js,/python/Web-cache-poisoning/static/js/bootstrap.js,/python/DES-Pickle-2/static/js/bootstrap.js,/python/SQLI-blind/static/js/bootstrap.js,/java/info-leakage-comments/src/main/resources/static/js/bootstrap.js,/python/DES-Yaml/static/js/bootstrap.js,/java/graphql-injections/src/main/resources/static/js/bootstrap.js,/python/IDOR/static/js/bootstrap.js,/python/DNS-rebinding/static/js/bootstrap.js,/python/Untrusted-sources-js/static/js/bootstrap.js,/python/CSRF-SameSite/static/js/bootstrap.js,/python/user-registration-process/static/js/bootstrap.js,/python/SQLI-like/static/js/bootstrap.js,/python/JWT-null/static/js/bootstrap.js,/python/Auth-bypass-simple/static/js/bootstrap.js,/python/Unreferenced-files/static/js/bootstrap.js,/python/RaceCondition/static/js/bootstrap.js,/python/CMD-Blind/static/js/bootstrap.js,/python/account-provisioning-process/static/js/bootstrap.js,/java/session-hijacking-xss/src/main/resources/static/js/bootstrap.js,/python/NoSQL/static/js/bootstrap.js,/java/xxe/src/main/resources/static/js/bootstrap.js,/python/CSP/static/js/bootstrap.js,/java/url-redirection-harder2/src/main/resources/static/js/bootstrap.js,/python/graphql-injections/static/js/bootstrap.js,/python/RFI/static/js/bootstrap.js,/python/graphql-IDOR/static/js/bootstrap.js,/java/formula-injection/src/main/resources/static/js/bootstrap.js,/python/Content-type/static/js/bootstrap.js,/java/auth-bypass2/src/main/resources/static/js/bootstrap.js,/python/RaceCondition-file-write/static/js/bootstrap.js,/python/DES-Pickle/static/js/bootstrap.js,/python/Url-redirection/static/js/bootstrap.js,/java/xss-dom2/src/main/resources/static/js/bootstrap.js,/python/XSS/static/js/bootstrap.js,/java/cmd2/src/main/resources/static/js/bootstrap.js,/python/Host-Header-Authentication-Bypass/static/js/bootstrap.js,/python/Formula-injection/static/js/bootstrap.js,/python/credentials-guessing-1/static/js/bootstrap.js,/python/Session-Management-1/static/js/bootstrap.js,/java/ratelimiting/src/main/resources/static/js/bootstrap.js,/java/ssti/src/main/resources/static/js/bootstrap.js,/python/CMD4/static/js/bootstrap.js,/java/sqli-blind/src/main/resources/static/js/bootstrap.js,/python/Auth-bypass-3/static/js/bootstrap.js,/java/cmd-blind/src/main/resources/static/js/bootstrap.js,/python/TLS-downgrade/static/js/bootstrap.js,/python/SessionPuzzle/static/js/bootstrap.js,/java/graphql-info-introspection/src/main/resources/static/js/bootstrap.js,/java/ldap-injection-harder/src/main/resources/static/js/bootstrap.js,/java/http-response-splitting/src/main/resources/static/js/bootstrap.js,/python/CSSI/static/js/bootstrap.js,/java/rfi/src/main/resources/static/js/bootstrap.js,/java/cmd/src/main/resources/static/js/bootstrap.js,/python/SQLI/static/js/bootstrap.js

Dependency Hierarchy:

  • bootstrap-3.2.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2

request-2.88.2.tgz: 2 vulnerabilities (highest severity is: 6.5)

Vulnerable Library - request-2.88.2.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.2.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/SQLI/package.json,/nodeJs/SSRF/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/CORS/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Auth-Bypass-1/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (request version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-26136 | Medium | 6.5 | tough-cookie-2.5.0.tgz | Transitive | N/A* | |
| CVE-2023-28155 | Medium | 6.1 | request-2.88.2.tgz | Direct | @cypress/request - 3.0.0 | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-26136

Vulnerable Library - tough-cookie-2.5.0.tgz

RFC6265 Cookies and Cookie Jar for node.js

Library home page: https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz

Dependency Hierarchy:

  • request-2.88.2.tgz (Root Library)
    • tough-cookie-2.5.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Publish Date: 2023-07-01

URL: CVE-2023-26136

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-26136

Release Date: 2023-07-01

Fix Resolution: tough-cookie - 4.1.3

CVE-2023-28155

Vulnerable Library - request-2.88.2.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.2.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/SQLI/package.json,/nodeJs/SSRF/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/CORS/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Auth-Bypass-1/package.json

Dependency Hierarchy:

  • request-2.88.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2023-03-16

URL: CVE-2023-28155

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-p8p7-x288-28g6

Release Date: 2023-03-16

Fix Resolution: @cypress/request - 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.


multer-1.4.4.tgz: 1 vulnerability (highest severity is: 7.5)

Vulnerable Library - multer-1.4.4.tgz

Path to dependency file: /nodeJs/Ldap-Injection-harder/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (multer version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-24434 | High | 7.5 | dicer-0.2.5.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-24434

Vulnerable Library - dicer-0.2.5.tgz

A very fast streaming multipart parser for node.js

Library home page: https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz

Dependency Hierarchy:

  • multer-1.4.4.tgz (Root Library)
    • busboy-0.2.14.tgz
      • dicer-0.2.5.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes.

Publish Date: 2022-05-20

URL: CVE-2022-24434

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

capybara-3.15.1.gem: 2 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - capybara-3.15.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.10.3.gem

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (capybara version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-34459 | High | 7.5 | nokogiri-1.10.3.gem | Transitive | N/A* | |
| CVE-2021-32740 | High | 7.5 | addressable-2.6.0.gem | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-34459

Vulnerable Library - nokogiri-1.10.3.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.10.3.gem

Dependency Hierarchy:

  • capybara-3.15.1.gem (Root Library)
    • nokogiri-1.10.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
Mend Note: This vulnerability does not affect RubyGem's Nokogiri directly, but its dependency libxml2, which is downloaded during Nokogiri's dependency resolution.

Publish Date: 2024-05-13

URL: CVE-2024-34459

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-r95h-9x8f-r3f7

Release Date: 2024-05-14

Fix Resolution: libxml2 - v2.11.8, v2.12.7; nokogiri - 1.16.5

CVE-2021-32740

Vulnerable Library - addressable-2.6.0.gem

Addressable is a replacement for the URI implementation that is part of Ruby's standard library. It more closely conforms to the relevant RFCs and adds support for IRIs and URI templates.

Library home page: https://rubygems.org/gems/addressable-2.6.0.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/addressable-2.6.0.gem

Dependency Hierarchy:

  • capybara-3.15.1.gem (Root Library)
    • addressable-2.6.0.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.

Publish Date: 2021-07-06

URL: CVE-2021-32740

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jxhc-q857-3j6g

Release Date: 2021-07-06

Fix Resolution: addressable - 2.8.0

jbuilder-2.9.1.gem: 4 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - jbuilder-2.9.1.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/tzinfo-1.2.5.gem

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jbuilder version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2020-8165 | Critical | 9.8 | activesupport-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-31163 | High | 8.1 | tzinfo-1.2.5.gem | Transitive | N/A* | |
| CVE-2023-22796 | High | 7.5 | activesupport-5.2.3.gem | Transitive | N/A* | |
| CVE-2023-38037 | Medium | 4.3 | activesupport-5.2.3.gem | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-8165

Vulnerable Library - activesupport-5.2.3.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activesupport-5.2.3.gem

Dependency Hierarchy:

  • jbuilder-2.9.1.gem (Root Library)
    • activesupport-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Publish Date: 2020-06-19

URL: CVE-2020-8165

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-2p68-f74v-9wc6

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2022-31163

Vulnerable Library - tzinfo-1.2.5.gem

TZInfo provides daylight savings aware transformations between times in different time zones.

Library home page: https://rubygems.org/gems/tzinfo-1.2.5.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/tzinfo-1.2.5.gem

Dependency Hierarchy:

  • jbuilder-2.9.1.gem (Root Library)
    • activesupport-5.2.3.gem
      • tzinfo-1.2.5.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with require on demand. In the affected versions, TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of tzinfo/definition within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z.

Publish Date: 2022-07-22

URL: CVE-2022-31163

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-5cm2-9h8c-rvfx

Release Date: 2022-07-22

Fix Resolution: tzinfo - 0.3.61,1.2.10

CVE-2023-22796

Vulnerable Library - activesupport-5.2.3.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activesupport-5.2.3.gem

Dependency Hierarchy:

  • jbuilder-2.9.1.gem (Root Library)
    • activesupport-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

Publish Date: 2023-02-09

URL: CVE-2023-22796

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j6gc-792m-qgm2

Release Date: 2023-02-09

Fix Resolution: activesupport - 6.1.7.1,7.0.4.1

CVE-2023-38037

Vulnerable Library - activesupport-5.2.3.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activesupport-5.2.3.gem

Dependency Hierarchy:

  • jbuilder-2.9.1.gem (Root Library)
    • activesupport-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Active Support Possibly Discloses Locally Encrypted Files

Publish Date: 2023-07-12

URL: CVE-2023-38037

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cr5q-6q9f-rq6q

Release Date: 2023-07-12

Fix Resolution: activesupport - 6.1.7.5,7.0.7.1

Flask-2.2.2-py3-none-any.whl: 1 vulnerability (highest severity is: 7.5)

Vulnerable Library - Flask-2.2.2-py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/0f/43/15f4f9ab225b0b25352412e8daa3d0e3d135fcf5e127070c74c3632c8b4c/Flask-2.2.2-py3-none-any.whl

Path to dependency file: /python/Auth-bypass/requirements.txt

Path to vulnerable library: /python/Auth-bypass/requirements.txt,/python/Session-Management-2/requirements.txt,/python/Attack-Server/requirements.txt,/python/Web-cache-poisoning/requirements.txt,/python/WebSocket-Message-Manipulation/requirements.txt,/python/Session-Management-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/Host-Header-Authentication-Bypass/requirements.txt,/python/SQLI-login-bypass/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Flask version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-30861 | High | 7.5 | Flask-2.2.2-py3-none-any.whl | Direct | flask - 2.2.5,2.3.2 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-30861

Vulnerable Library - Flask-2.2.2-py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/0f/43/15f4f9ab225b0b25352412e8daa3d0e3d135fcf5e127070c74c3632c8b4c/Flask-2.2.2-py3-none-any.whl

Path to dependency file: /python/Auth-bypass/requirements.txt

Path to vulnerable library: /python/Auth-bypass/requirements.txt,/python/Session-Management-2/requirements.txt,/python/Attack-Server/requirements.txt,/python/Web-cache-poisoning/requirements.txt,/python/WebSocket-Message-Manipulation/requirements.txt,/python/Session-Management-1/requirements.txt,/python/Threat-modeling/requirements.txt,/python/Host-Header-Authentication-Bypass/requirements.txt,/python/SQLI-login-bypass/requirements.txt

Dependency Hierarchy:

  • Flask-2.2.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

  1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
  2. The application sets session.permanent = True
  3. The application does not access or modify the session at any point during a request.
  4. SESSION_REFRESH_EACH_REQUEST enabled (the default).
  5. The application does not set a Cache-Control header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the Vary: Cookie header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.

Publish Date: 2023-05-02

URL: CVE-2023-30861

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-30861

Release Date: 2023-05-02

Fix Resolution: flask - 2.2.5,2.3.2

⛑️ Automatic Remediation will be attempted for this issue.


pdfkit-0.13.0.tgz: 3 vulnerabilities (highest severity is: 9.1)

Vulnerable Library - pdfkit-0.13.0.tgz

Path to dependency file: /nodeJs/IDOR/package.json

Path to vulnerable library: /nodeJs/IDOR/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (pdfkit version) | Remediation Possible**
CVE-2023-46233 | Critical | 9.1 | crypto-js-4.1.1.tgz | Transitive | N/A* |
CVE-2023-26115 | Medium | 5.3 | word-wrap-1.2.3.tgz | Transitive | 0.14.0 |
CVE-2024-27088 | Low | 0.0 | es5-ext-0.10.53.tgz | Transitive | 0.14.0 |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-46233

Vulnerable Library - crypto-js-4.1.1.tgz

JavaScript library of crypto standards.

Library home page: https://registry.npmjs.org/crypto-js/-/crypto-js-4.1.1.tgz

Path to dependency file: /nodeJs/IDOR/package.json

Path to vulnerable library: /nodeJs/IDOR/package.json

Dependency Hierarchy:

  • pdfkit-0.13.0.tgz (Root Library)
    • crypto-js-4.1.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

Publish Date: 2023-10-25

URL: CVE-2023-46233

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-46233

Release Date: 2023-10-25

Fix Resolution: crypto-js - 4.2.0

CVE-2023-26115

Vulnerable Library - word-wrap-1.2.3.tgz

Wrap words to a specified length.

Library home page: https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz

Path to dependency file: /nodeJs/IDOR/package.json

Path to vulnerable library: /nodeJs/IDOR/package.json

Dependency Hierarchy:

  • pdfkit-0.13.0.tgz (Root Library)
    • fontkit-1.8.1.tgz
      • brfs-2.0.2.tgz
        • static-module-3.0.4.tgz
          • escodegen-1.14.3.tgz
            • optionator-0.8.3.tgz
              • word-wrap-1.2.3.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Publish Date: 2023-06-22

URL: CVE-2023-26115

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j8xg-fqg3-53r7

Release Date: 2023-06-22

Fix Resolution (word-wrap): 1.2.4

Direct dependency fix Resolution (pdfkit): 0.14.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-27088

Vulnerable Library - es5-ext-0.10.53.tgz

ECMAScript extensions and shims

Library home page: https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.53.tgz

Path to dependency file: /nodeJs/IDOR/package.json

Path to vulnerable library: /nodeJs/IDOR/package.json

Dependency Hierarchy:

  • pdfkit-0.13.0.tgz (Root Library)
    • fontkit-1.8.1.tgz
      • brfs-2.0.2.tgz
        • static-module-3.0.4.tgz
          • scope-analyzer-2.1.2.tgz
            • es6-set-0.1.5.tgz
              • es5-ext-0.10.53.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or function#toStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63.

Publish Date: 2024-02-26

URL: CVE-2024-27088

CVSS 3 Score Details (0.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-27088

Release Date: 2024-02-26

Fix Resolution (es5-ext): 0.10.63

Direct dependency fix Resolution (pdfkit): 0.14.0

⛑️ Automatic Remediation will be attempted for this issue.


nodemon-2.0.14.tgz: 6 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - nodemon-2.0.14.tgz

Path to vulnerable library: /nodeJs/DOS-regex/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/CMD/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSSI/package.json,/nodeJs/XSS-url/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/XXE/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/LFI-2/package.json,/nodeJs/IDOR/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/SSRF/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/CMD3/package.json,/nodeJs/CMD2/package.json,/nodeJs/CORS/package.json,/nodeJs/CSP/package.json,/nodeJs/CMD4/package.json,/nodeJs/LFI/package.json,/nodeJs/RTLO/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/LFI-3/package.json,/nodeJs/File-upload/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/SQLI/package.json,/nodeJs/XSS-DOM/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Content-type/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/RFI/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/XSS/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (nodemon version) | Remediation Possible**
CVE-2021-44906 | Critical | 9.8 | minimist-1.2.5.tgz | Transitive | 2.0.15 |
CVE-2024-4068 | High | 7.5 | braces-3.0.2.tgz | Transitive | N/A* |
CVE-2022-3517 | High | 7.5 | minimatch-3.0.4.tgz | Transitive | N/A* |
CVE-2022-33987 | Medium | 5.3 | got-9.6.0.tgz | Transitive | 2.0.17 |
CVE-2022-25883 | Medium | 5.3 | detected in multiple dependencies | Transitive | 3.0.0 |
CVE-2022-25881 | Medium | 5.3 | http-cache-semantics-4.1.0.tgz | Transitive | 2.0.15 |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-44906

Vulnerable Library - minimist-1.2.5.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • update-notifier-5.1.0.tgz
      • latest-version-5.1.0.tgz
        • package-json-6.5.0.tgz
          • registry-auth-token-4.2.1.tgz
            • rc-1.2.8.tgz
              • minimist-1.2.5.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-xvch-5gv4-984h

Release Date: 2022-03-17

Fix Resolution (minimist): 1.2.6

Direct dependency fix Resolution (nodemon): 2.0.15

CVE-2024-4068

Vulnerable Library - braces-3.0.2.tgz

Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.

Library home page: https://registry.npmjs.org/braces/-/braces-3.0.2.tgz

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • chokidar-3.5.2.tgz
      • braces-3.0.2.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
Mend Note: After conducting further research, it was concluded that CVE-2024-4068 does not carry a security risk as high as the NVD score reflects, but it should be kept for users' awareness. Users of braces should follow the fix recommendation as noted.

Publish Date: 2024-05-13

URL: CVE-2024-4068

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2024-05-13

Fix Resolution: braces - 3.0.3

CVE-2022-3517

Vulnerable Library - minimatch-3.0.4.tgz

a glob matcher in javascript

Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz

Path to dependency file: /nodeJs/DOS-regex/package.json

Path to vulnerable library: /nodeJs/DOS-regex/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/CMD/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/CSSI/package.json,/nodeJs/XSS-url/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/XXE/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/LFI-2/package.json,/nodeJs/IDOR/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/SSRF/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/CMD3/package.json,/nodeJs/CMD2/package.json,/nodeJs/CORS/package.json,/nodeJs/CSP/package.json,/nodeJs/CMD4/package.json,/nodeJs/LFI/package.json,/nodeJs/RTLO/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/LFI-3/package.json,/nodeJs/File-upload/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/SQLI/package.json,/nodeJs/XSS-DOM/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Content-type/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/RFI/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/XSS/package.json

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • minimatch-3.0.4.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Publish Date: 2022-10-17

URL: CVE-2022-3517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-17

Fix Resolution: minimatch - 3.0.5

CVE-2022-33987

Vulnerable Library - got-9.6.0.tgz

Simplified HTTP requests

Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • update-notifier-5.1.0.tgz
      • latest-version-5.1.0.tgz
        • package-json-6.5.0.tgz
          • got-9.6.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

Publish Date: 2022-06-18

URL: CVE-2022-33987

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

Release Date: 2022-06-18

Fix Resolution (got): 11.8.6

Direct dependency fix Resolution (nodemon): 2.0.17

CVE-2022-25883

Vulnerable Libraries - semver-5.7.1.tgz, semver-7.3.5.tgz, semver-6.3.0.tgz

semver-5.7.1.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-5.7.1.tgz

Path to dependency file: /nodeJs/SQLI/package.json

Path to vulnerable library: /nodeJs/SQLI/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/IDOR/package.json,/nodeJs/XSS-DOM/package.json,/nodeJs/LFI-3/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/LFI-2/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/Graphql-Injection/package.json,/nodeJs/CSP/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/CMD/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/CORS/package.json,/nodeJs/CMD3/package.json,/nodeJs/CMD2/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/XSS/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/Content-type/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/RFI/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/File-upload/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/SSRF/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/CMD4/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/CSSI/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/RTLO/package.json,/nodeJs/LFI/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/XXE/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/XSS-url/package.json,/nodeJs/Url-redirection/package.json

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • semver-5.7.1.tgz (Vulnerable Library)

semver-7.3.5.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-7.3.5.tgz

Path to dependency file: /nodeJs/RaceCondition/package.json

Path to vulnerable library: /nodeJs/RaceCondition/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/LFI/package.json,/nodeJs/CMD4/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/File-upload/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/RTLO/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/CORS/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/CSTI/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/RFI/package.json,/nodeJs/CMD3/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/CMD2/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/XSS-DOM/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/IDOR/package.json,/nodeJs/LFI-2/package.json,/nodeJs/LFI-3/package.json,/nodeJs/XSS-url/package.json,/nodeJs/XXE/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/CMD/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/XSS/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/SSRF/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/Content-type/package.json,/nodeJs/CSSI/package.json,/nodeJs/CSP/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/Credentials-guessing-2/package.json

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • update-notifier-5.1.0.tgz
      • semver-7.3.5.tgz (Vulnerable Library)

semver-6.3.0.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-6.3.0.tgz

Path to dependency file: /nodeJs/Content-type/package.json

Path to vulnerable library: /nodeJs/Content-type/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/JWT-null/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/File-upload/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/CSSI/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/XSS-url/package.json,/nodeJs/LFI/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/SSRF/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/CMD-Blind/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/RaceCondition/package.json,/nodeJs/IDOR/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/LFI-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/CSP/package.json,/nodeJs/XSS-DOM/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/LFI-3/package.json,/nodeJs/Graphql-Injection/package.json,/nodeJs/XXE/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/RTLO/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/CMD4/package.json,/nodeJs/CMD3/package.json,/nodeJs/CORS/package.json,/nodeJs/CMD/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/XSS/package.json,/nodeJs/CSTI/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/CMD2/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/RFI/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/SQLI-like/package.json

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • update-notifier-5.1.0.tgz
      • latest-version-5.1.0.tgz
        • package-json-6.5.0.tgz
          • semver-6.3.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Publish Date: 2023-06-21

URL: CVE-2022-25883

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-c2qf-rxjj-qqgw

Release Date: 2023-06-21

Fix Resolution (semver): 5.7.2

Direct dependency fix Resolution (nodemon): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-25881

Vulnerable Library - http-cache-semantics-4.1.0.tgz

Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies

Library home page: https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz

Path to dependency file: /nodeJs/RaceCondition/package.json

Path to vulnerable library: /nodeJs/RaceCondition/package.json,/nodeJs/Auth-Bypass-3/package.json,/nodeJs/LFI/package.json,/nodeJs/Ratelimiting/package.json,/nodeJs/Ldap-Injection/package.json,/nodeJs/Auth-Bypass/package.json,/nodeJs/CMD3/package.json,/nodeJs/CMD4/package.json,/nodeJs/Info-leakage-comments/package.json,/nodeJs/Credentials-guessing-1/package.json,/nodeJs/SQLI-blind/package.json,/nodeJs/RTLO/package.json,/nodeJs/CSP/package.json,/nodeJs/Credentials-guessing-2/package.json,/nodeJs/File-upload/package.json,/nodeJs/Client-side-restriction-bypass-2/package.json,/nodeJs/Info-leakage-metadata/package.json,/nodeJs/Session-hijacking-xss/package.json,/nodeJs/Graphql-Injection/package.json,/nodeJs/SQLI-like/package.json,/nodeJs/Untrusted-sources-js/package.json,/nodeJs/CSRF-samesite/package.json,/nodeJs/JWT-null/package.json,/nodeJs/CMD2/package.json,/nodeJs/Formula-Injection/package.json,/nodeJs/Graphql-Mutations/package.json,/nodeJs/SessionPuzzle/package.json,/nodeJs/Auth-Bypass-1/package.json,/nodeJs/CMD/package.json,/nodeJs/Url-redirection-harder2/package.json,/nodeJs/JWT-secret/package.json,/nodeJs/Auth-Bypass-2/package.json,/nodeJs/RFI/package.json,/nodeJs/Content-type/package.json,/nodeJs/XSS/package.json,/nodeJs/CORS/package.json,/nodeJs/CSTI/package.json,/nodeJs/Http-response-splitting/package.json,/nodeJs/XSS-url/package.json,/nodeJs/RaceCondition-file-write/package.json,/nodeJs/Ldap-Injection-harder/package.json,/nodeJs/XSS-DOM/package.json,/nodeJs/LFI-2/package.json,/nodeJs/SQLI/package.json,/nodeJs/Auth-Bypass-simple/package.json,/nodeJs/Client-side-restriction-bypass/package.json,/nodeJs/XSS-DOM-2/package.json,/nodeJs/CSSI/package.json,/nodeJs/XXE/package.json,/nodeJs/CSRF-weak/package.json,/nodeJs/Graphql-Introspection/package.json,/nodeJs/XSS-attribute/package.json,/nodeJs/SSRF/package.json,/nodeJs/LFI-3/package.json,/nodeJs/IDOR/package.json,/nodeJs/ParameterBinding/package.json,/nodeJs/DOS-regex/package.json,/nodeJs/Prototype-Pollution/package.json,/nodeJs/Url-redirection/package.json,/nodeJs/Url-redirection-harder/package.json,/nodeJs/CMD-Blind/package.json

Dependency Hierarchy:

  • nodemon-2.0.14.tgz (Root Library)
    • update-notifier-5.1.0.tgz
      • latest-version-5.1.0.tgz
        • package-json-6.5.0.tgz
          • got-9.6.0.tgz
            • cacheable-request-6.1.0.tgz
              • http-cache-semantics-4.1.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Publish Date: 2023-01-31

URL: CVE-2022-25881

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rc47-6667-2j5j

Release Date: 2023-01-31

Fix Resolution (http-cache-semantics): 4.1.1

Direct dependency fix Resolution (nodemon): 2.0.15

⛑️ Automatic Remediation will be attempted for this issue.


commons-collections-3.1.jar: 5 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - commons-collections-3.1.jar

Types that extend and augment the Java Collections Framework.

Path to dependency file: /java/des-java/pom.xml

Path to vulnerable library: /java/des-java/pom.xml

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (commons-collections version) | Remediation Possible**
CVE-2019-13116 | Critical | 9.8 | commons-collections-3.1.jar | Direct | 3.2.2 |
CVE-2017-15708 | Critical | 9.8 | commons-collections-3.1.jar | Direct | 3.2.2 |
CVE-2015-7501 | Critical | 9.8 | commons-collections-3.1.jar | Direct | 3.2.2 |
CVE-2015-4852 | Critical | 9.8 | commons-collections-3.1.jar | Direct | 3.2.2 |
CVE-2015-6420 | High | 7.3 | commons-collections-3.1.jar | Direct | 3.2.2 |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-13116

Vulnerable Library - commons-collections-3.1.jar

Types that extend and augment the Java Collections Framework.

Path to dependency file: /java/des-java/pom.xml

Path to vulnerable library: /java/des-java/pom.xml

Dependency Hierarchy:

  • commons-collections-3.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.

Publish Date: 2019-10-16

URL: CVE-2019-13116

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13116

Release Date: 2019-10-16

Fix Resolution: 3.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2017-15708

Vulnerable Library - commons-collections-3.1.jar

Types that extend and augment the Java Collections Framework.

Path to dependency file: /java/des-java/pom.xml

Path to vulnerable library: /java/des-java/pom.xml

Dependency Hierarchy:

  • commons-collections-3.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

Publish Date: 2017-12-10

URL: CVE-2017-15708

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708

Release Date: 2017-12-10

Fix Resolution: 3.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2015-7501

Vulnerable Library - commons-collections-3.1.jar

Types that extend and augment the Java Collections Framework.

Path to dependency file: /java/des-java/pom.xml

Path to vulnerable library: /java/des-java/pom.xml

Dependency Hierarchy:

  • commons-collections-3.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2017-11-09

URL: CVE-2015-7501

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1279330

Release Date: 2017-11-09

Fix Resolution: 3.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2015-4852

Vulnerable Library - commons-collections-3.1.jar

Types that extend and augment the Java Collections Framework.

Path to dependency file: /java/des-java/pom.xml

Path to vulnerable library: /java/des-java/pom.xml

Dependency Hierarchy:

  • commons-collections-3.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Publish Date: 2015-11-18

URL: CVE-2015-4852

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2015/11/17/19

Release Date: 2015-11-18

Fix Resolution: 3.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2015-6420

Vulnerable Library - commons-collections-3.1.jar

Types that extend and augment the Java Collections Framework.

Path to dependency file: /java/des-java/pom.xml

Path to vulnerable library: /java/des-java/pom.xml

Dependency Hierarchy:

  • commons-collections-3.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2015-12-15

URL: CVE-2015-6420

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2015-12-15

Fix Resolution: 3.2.2

⛑️ Automatic Remediation will be attempted for this issue.


rails-5.2.3.gem: 37 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - rails-5.2.3.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-5.2.3.gem

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (rails version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-32224 | Critical | 9.8 | activerecord-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-21831 | Critical | 9.8 | activestorage-5.2.3.gem | Transitive | N/A* | |
| CVE-2023-22794 | High | 8.8 | activerecord-5.2.3.gem | Transitive | N/A* | |
| WS-2023-0224 | High | 7.5 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2023-22799 | High | 7.5 | globalid-0.4.2.gem | Transitive | N/A* | |
| CVE-2023-22795 | High | 7.5 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2023-22792 | High | 7.5 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-44566 | High | 7.5 | activerecord-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-23517 | High | 7.5 | rails-html-sanitizer-1.0.4.gem | Transitive | N/A* | |
| CVE-2022-23516 | High | 7.5 | loofah-2.2.3.gem | Transitive | N/A* | |
| CVE-2022-23514 | High | 7.5 | loofah-2.2.3.gem | Transitive | N/A* | |
| CVE-2021-22904 | High | 7.5 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2021-22885 | High | 7.5 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2021-22880 | High | 7.5 | detected in multiple dependencies | Direct | 5.2.4.5,6.0.3.5,6.1.2.1 | |
| CVE-2020-8164 | High | 7.5 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2020-8162 | High | 7.5 | activestorage-5.2.3.gem | Transitive | N/A* | |
| CVE-2020-7663 | High | 7.5 | websocket-extensions-0.1.3.gem | Transitive | N/A* | |
| CVE-2020-8167 | Medium | 6.5 | rails-5.2.3.gem | Direct | 6.0.3.1,5.2.4.3 | |
| CVE-2020-8130 | Medium | 6.4 | rake-12.3.2.gem | Transitive | N/A* | |
| CVE-2023-28362 | Medium | 6.1 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2023-28120 | Medium | 6.1 | rails-5.2.3.gem | Direct | rails - 6.1.7.3,7.0.4.3 | |
| CVE-2023-23913 | Medium | 6.1 | rails-5.2.3.gem | Direct | rails - 6.1.7.3,7.0.4.3 | |
| CVE-2022-32209 | Medium | 6.1 | rails-html-sanitizer-1.0.4.gem | Transitive | N/A* | |
| CVE-2022-27777 | Medium | 6.1 | actionview-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-23520 | Medium | 6.1 | rails-html-sanitizer-1.0.4.gem | Transitive | N/A* | |
| CVE-2022-23519 | Medium | 6.1 | rails-html-sanitizer-1.0.4.gem | Transitive | N/A* | |
| CVE-2022-23518 | Medium | 6.1 | rails-html-sanitizer-1.0.4.gem | Transitive | N/A* | |
| CVE-2022-23515 | Medium | 6.1 | loofah-2.2.3.gem | Transitive | N/A* | |
| CVE-2022-22577 | Medium | 6.1 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2020-15169 | Medium | 6.1 | actionview-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-23634 | Medium | 5.9 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-23633 | Medium | 5.9 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2022-3704 | Medium | 5.4 | actionpack-5.2.3.gem | Transitive | N/A* | |
| CVE-2019-15587 | Medium | 5.4 | loofah-2.2.3.gem | Transitive | N/A* | |
| CVE-2024-26144 | Medium | 5.3 | rails-5.2.3.gem | Direct | rails - 6.1.7.7,7.0.8.1 | |
| CVE-2020-5267 | Medium | 4.8 | actionview-5.2.3.gem | Transitive | N/A* | |
| CVE-2020-8166 | Medium | 4.3 | actionpack-5.2.3.gem | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (22 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2022-32224

Vulnerable Library - activerecord-5.2.3.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activerecord-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

Publish Date: 2022-12-05

URL: CVE-2022-32224

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3hhc-qp5v-9p2j

Release Date: 2022-12-05

Fix Resolution: activerecord - 5.2.8.1,6.0.5.1,6.1.6.1,7.0.3.1

CVE-2022-21831

Vulnerable Library - activestorage-5.2.3.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activestorage-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activestorage-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Publish Date: 2022-05-26

URL: CVE-2022-21831

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-w749-p3v6-hccq

Release Date: 2022-05-26

Fix Resolution: activestorage - 5.2.6.3,6.0.4.7,6.1.4.7,7.0.2.3

CVE-2023-22794

Vulnerable Library - activerecord-5.2.3.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activerecord-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.

Publish Date: 2023-02-09

URL: CVE-2023-22794

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hq7p-j377-6v63

Release Date: 2023-02-09

Fix Resolution: activerecord - 6.0.6.1,6.1.7.1,7.0.4.1

WS-2023-0224

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In actionpack prior to 6.1.5 there is a possible DoS in applications whose exceptions_app crashes.

Publish Date: 2023-06-28

URL: WS-2023-0224

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-06-28

Fix Resolution: actionpack - 6.1.5

CVE-2023-22799

Vulnerable Library - globalid-0.4.2.gem

URIs for your models makes it easy to pass references around.

Library home page: https://rubygems.org/gems/globalid-0.4.2.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/globalid-0.4.2.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activejob-5.2.3.gem
      • globalid-0.4.2.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A ReDoS based DoS vulnerability in GlobalID <1.0.1: an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22799

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-23c2-gwp5-pxw9

Release Date: 2023-02-09

Fix Resolution: globalid - 1.0.1

CVE-2023-22795

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22795

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-02-09

Fix Resolution: actionpack - 6.1.7.1, 7.0.4.1

CVE-2023-22792

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22792

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-02-09

Fix Resolution: actionpack - 6.1.7.1,7.0.4.1

CVE-2022-44566

Vulnerable Library - activerecord-5.2.3.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activerecord-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan, resulting in potential Denial of Service.

Publish Date: 2023-02-09

URL: CVE-2022-44566

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-579w-22j4-4749

Release Date: 2023-02-09

Fix Resolution: activerecord - 6.1.7.1,7.0.4.1

CVE-2022-23517

Vulnerable Library - rails-html-sanitizer-1.0.4.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.0.4.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-html-sanitizer-1.0.4.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionview-5.2.3.gem
      • rails-html-sanitizer-1.0.4.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.

Publish Date: 2022-12-14

URL: CVE-2022-23517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-5x79-w82f-gw8w

Release Date: 2022-12-14

Fix Resolution: rails-html-sanitizer - 1.4.4

CVE-2022-23516

Vulnerable Library - loofah-2.2.3.gem

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the loofah-activerecord gem.

Library home page: https://rubygems.org/gems/loofah-2.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/loofah-2.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionview-5.2.3.gem
      • rails-html-sanitizer-1.0.4.gem
        • loofah-2.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized.

Publish Date: 2022-12-14

URL: CVE-2022-23516

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3x8r-x6xp-q4vm

Release Date: 2022-12-14

Fix Resolution: loofah - 2.19.1

CVE-2022-23514

Vulnerable Library - loofah-2.2.3.gem

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the loofah-activerecord gem.

Library home page: https://rubygems.org/gems/loofah-2.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/loofah-2.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionview-5.2.3.gem
      • rails-html-sanitizer-1.0.4.gem
        • loofah-2.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.

Publish Date: 2022-12-14

URL: CVE-2022-23514

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-486f-hjj9-9vhh

Release Date: 2022-12-14

Fix Resolution: loofah - 2.19.1

CVE-2021-22904

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for request authentication.

Publish Date: 2021-06-11

URL: CVE-2021-22904

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-06-11

Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2

CVE-2021-22885

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted user input.

Publish Date: 2021-05-27

URL: CVE-2021-22885

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hjg4-8q5f-x6fm

Release Date: 2021-05-27

Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2

CVE-2021-22880

Vulnerable Libraries - rails-5.2.3.gem, activerecord-5.2.3.gem

rails-5.2.3.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Vulnerable Library)

activerecord-5.2.3.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activerecord-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Publish Date: 2021-02-11

URL: CVE-2021-22880

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

Release Date: 2021-02-11

Fix Resolution: 5.2.4.5,6.0.3.5,6.1.2.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-8164

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.

Publish Date: 2020-06-19

URL: CVE-2020-8164

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-8727-m6gj-mc37

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2020-8162

Vulnerable Library - activestorage-5.2.3.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activestorage-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • activestorage-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A client side enforcement of server side security vulnerability exists in the ActiveStorage S3 adapter of rails < 5.2.4.2 and rails < 6.0.3.1, which allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits.

Publish Date: 2020-06-19

URL: CVE-2020-8162

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-m42x-37p3-fv5w

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2020-7663

Vulnerable Library - websocket-extensions-0.1.3.gem

Library home page: https://rubygems.org/gems/websocket-extensions-0.1.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/websocket-extensions-0.1.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actioncable-5.2.3.gem
      • websocket-driver-0.7.0.gem
        • websocket-extensions-0.1.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Publish Date: 2020-06-02

URL: CVE-2020-7663

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7663

Release Date: 2020-09-17

Fix Resolution: websocket-extensions:0.1.5

CVE-2020-8167

Vulnerable Library - rails-5.2.3.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Publish Date: 2020-06-19

URL: CVE-2020-8167

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://rubygems.org/gems/rails/versions/6.0.3.1

Release Date: 2020-06-19

Fix Resolution: 6.0.3.1,5.2.4.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-8130

Vulnerable Library - rake-12.3.2.gem

Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax. Rake has the following features:

  • Rakefiles (rake's version of Makefiles) are completely defined in standard Ruby syntax. No XML files to edit. No quirky Makefile syntax to worry about (is that a tab or a space?)
  • Users can specify tasks with prerequisites.
  • Rake supports rule patterns to synthesize implicit tasks.
  • Flexible FileLists that act like arrays but know about manipulating file names and paths.
  • Supports parallel execution of tasks.

Library home page: https://rubygems.org/gems/rake-12.3.2.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rake-12.3.2.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • railties-5.2.3.gem
      • rake-12.3.2.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

Publish Date: 2020-02-24

URL: CVE-2020-8130

CVSS 3 Score Details (6.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8130

Release Date: 2020-06-30

Fix Resolution: v12.3.3

CVE-2023-28362

Vulnerable Library - actionpack-5.2.3.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/actionpack-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Root Library)
    • actionpack-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A possible Cross-Site Scripting (XSS) vulnerability was found in actionpack gem. The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. The vulnerability is fixed in versions 6.1.7.4 and 7.0.5.1.

Publish Date: 2023-03-15

URL: CVE-2023-28362

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

Release Date: 2023-03-15

Fix Resolution: actionpack - 6.1.7.3,7.0.5.1

CVE-2023-28120

Vulnerable Library - rails-5.2.3.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A Possible XSS Security Vulnerability was discovered in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. All versions before 6.1.7.3 and 7.x before 7.0.4.3 are affected.

Publish Date: 2023-03-11

URL: CVE-2023-28120

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

Release Date: 2023-03-11

Fix Resolution: rails - 6.1.7.3,7.0.4.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-23913

Vulnerable Library - rails-5.2.3.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-5.2.3.gem

Dependency Hierarchy:

  • rails-5.2.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

There is a potential DOM based cross-site scripting issue in rails-ujs from 5.1.0 before 6.1.7.3 and 7.0.0 before 7.0.4.3, which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

Publish Date: 2023-01-20

URL: CVE-2023-23913

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

Release Date: 2023-01-20

Fix Resolution: rails - 6.1.7.3,7.0.4.3

⛑️ Automatic Remediation will be attempted for this issue.


express-fileupload-1.2.1.tgz: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - express-fileupload-1.2.1.tgz

Simple express file upload middleware that wraps around Busboy

Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.2.1.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json,/nodeJs/File-upload/package.json,/nodeJs/CMD3/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                    Type        Fixed in (express-fileupload version)  Remediation Possible**
CVE-2022-27140  Critical  9.8   express-fileupload-1.2.1.tgz  Direct      N/A
CVE-2022-27261  High      7.5   express-fileupload-1.2.1.tgz  Direct      N/A
CVE-2022-24434  High      7.5   dicer-0.3.0.tgz               Transitive  N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-27140

Vulnerable Library - express-fileupload-1.2.1.tgz

Simple express file upload middleware that wraps around Busboy

Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.2.1.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json,/nodeJs/File-upload/package.json,/nodeJs/CMD3/package.json

Dependency Hierarchy:

  • express-fileupload-1.2.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed).

Publish Date: 2022-04-12

URL: CVE-2022-27140

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2022-27261

Vulnerable Library - express-fileupload-1.2.1.tgz

Simple express file upload middleware that wraps around Busboy

Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.2.1.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json,/nodeJs/File-upload/package.json,/nodeJs/CMD3/package.json

Dependency Hierarchy:

  • express-fileupload-1.2.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

Publish Date: 2022-04-12

URL: CVE-2022-27261

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

CVE-2022-24434

Vulnerable Library - dicer-0.3.0.tgz

A very fast streaming multipart parser for node.js

Library home page: https://registry.npmjs.org/dicer/-/dicer-0.3.0.tgz

Path to dependency file: /nodeJs/CMD3/package.json

Path to vulnerable library: /nodeJs/CMD3/package.json,/nodeJs/File-upload/package.json,/nodeJs/Formula-Injection/package.json

Dependency Hierarchy:

  • express-fileupload-1.2.1.tgz (Root Library)
    • busboy-0.3.1.tgz
      • dicer-0.3.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes.

Publish Date: 2022-05-20

URL: CVE-2022-24434

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Werkzeug-0.14.1-py2.py3-none-any.whl: 5 vulnerabilities (highest severity is: 8.0)

Vulnerable Library - Werkzeug-0.14.1-py2.py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl

Path to dependency file: /python/SQLI-like/requirements.txt

Path to vulnerable library: /python/SQLI-like/requirements.txt,/python/JWT-secret/requirements.txt,/python/XXE/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/CSP/requirements.txt,/python/Content-type/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CORS/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/DoS-regex/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/LFI/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/RTLO/requirements.txt,/python/X-allow-origin/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-url/requirements.txt,/python/Url-redirection/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/RFI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/File-upload/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/DES-Yaml/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Formula-injection/requirements.txt,/python/HTML-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSTI/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/Ldap-injection/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SQLI/requirements.txt,/python/LFI-3/requirements.txt,/python/user-registration-process/requirements.txt,/python/IDOR/requirements.txt,/python/CSRF-weak/requirements.txt,/python/CSSI/requirements.txt,/python/XSS/requirements.txt,/python/CMD2/requirements.txt,/python/SSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/JWT-null/requirements.txt,/python/CMD3/requirements.txt,/python/XSS-DOM/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                            Type    Fixed in (Werkzeug version)  Remediation Possible**
CVE-2023-46136  High      8.0   Werkzeug-0.14.1-py2.py3-none-any.whl  Direct  2.3.8
CVE-2024-34069  High      7.5   Werkzeug-0.14.1-py2.py3-none-any.whl  Direct  3.0.3
CVE-2023-25577  High      7.5   Werkzeug-0.14.1-py2.py3-none-any.whl  Direct  2.2.3
CVE-2019-14806  High      7.5   Werkzeug-0.14.1-py2.py3-none-any.whl  Direct  0.15.3
CVE-2023-23934  Low       2.6   Werkzeug-0.14.1-py2.py3-none-any.whl  Direct  2.2.3

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-46136

Vulnerable Library - Werkzeug-0.14.1-py2.py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl

Path to dependency file: /python/SQLI-like/requirements.txt

Path to vulnerable library: /python/SQLI-like/requirements.txt,/python/JWT-secret/requirements.txt,/python/XXE/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/CSP/requirements.txt,/python/Content-type/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CORS/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/DoS-regex/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/LFI/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/RTLO/requirements.txt,/python/X-allow-origin/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-url/requirements.txt,/python/Url-redirection/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/RFI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/File-upload/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/DES-Yaml/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Formula-injection/requirements.txt,/python/HTML-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSTI/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/Ldap-injection/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SQLI/requirements.txt,/python/LFI-3/requirements.txt,/python/user-registration-process/requirements.txt,/python/IDOR/requirements.txt,/python/CSRF-weak/requirements.txt,/python/CSSI/requirements.txt,/python/XSS/requirements.txt,/python/CMD2/requirements.txt,/python/SSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/JWT-null/requirements.txt,/python/CMD3/requirements.txt,/python/XSS-DOM/requirements.txt

Dependency Hierarchy:

  • Werkzeug-0.14.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

Publish Date: 2023-10-24

URL: CVE-2023-46136

CVSS 3 Score Details (8.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hrfv-mqp8-q5rw

Release Date: 2023-10-24

Fix Resolution: 2.3.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-34069

Vulnerable Library - Werkzeug-0.14.1-py2.py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl

Path to dependency file: /python/SQLI-like/requirements.txt

Path to vulnerable library: /python/SQLI-like/requirements.txt,/python/JWT-secret/requirements.txt,/python/XXE/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/CSP/requirements.txt,/python/Content-type/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CORS/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/DoS-regex/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/LFI/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/RTLO/requirements.txt,/python/X-allow-origin/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-url/requirements.txt,/python/Url-redirection/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/RFI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/File-upload/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/DES-Yaml/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Formula-injection/requirements.txt,/python/HTML-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSTI/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/Ldap-injection/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SQLI/requirements.txt,/python/LFI-3/requirements.txt,/python/user-registration-process/requirements.txt,/python/IDOR/requirements.txt,/python/CSRF-weak/requirements.txt,/python/CSSI/requirements.txt,/python/XSS/requirements.txt,/python/CMD2/requirements.txt,/python/SSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/JWT-null/requirements.txt,/python/CMD3/requirements.txt,/python/XSS-DOM/requirements.txt

Dependency Hierarchy:

  • Werkzeug-0.14.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Publish Date: 2024-05-06

URL: CVE-2024-34069

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-2g68-c3qc-8985

Release Date: 2024-05-06

Fix Resolution: 3.0.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-25577

Vulnerable Library - Werkzeug-0.14.1-py2.py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl

Path to dependency file: /python/SQLI-like/requirements.txt

Path to vulnerable library: /python/SQLI-like/requirements.txt,/python/JWT-secret/requirements.txt,/python/XXE/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/CSP/requirements.txt,/python/Content-type/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CORS/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/DoS-regex/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/LFI/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/RTLO/requirements.txt,/python/X-allow-origin/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-url/requirements.txt,/python/Url-redirection/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/RFI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/File-upload/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/DES-Yaml/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Formula-injection/requirements.txt,/python/HTML-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSTI/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/Ldap-injection/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SQLI/requirements.txt,/python/LFI-3/requirements.txt,/python/user-registration-process/requirements.txt,/python/IDOR/requirements.txt,/python/CSRF-weak/requirements.txt,/python/CSSI/requirements.txt,/python/XSS/requirements.txt,/python/CMD2/requirements.txt,/python/SSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/JWT-null/requirements.txt,/python/CMD3/requirements.txt,/python/XSS-DOM/requirements.txt

Dependency Hierarchy:

  • Werkzeug-0.14.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.

Publish Date: 2023-02-14

URL: CVE-2023-25577

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-25577

Release Date: 2023-02-14

Fix Resolution: 2.2.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-14806

Vulnerable Library - Werkzeug-0.14.1-py2.py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl

Path to dependency file: /python/SQLI-like/requirements.txt

Path to vulnerable library: /python/SQLI-like/requirements.txt,/python/JWT-secret/requirements.txt,/python/XXE/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/CSP/requirements.txt,/python/Content-type/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CORS/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/DoS-regex/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/LFI/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/RTLO/requirements.txt,/python/X-allow-origin/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-url/requirements.txt,/python/Url-redirection/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/RFI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/File-upload/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/DES-Yaml/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Formula-injection/requirements.txt,/python/HTML-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSTI/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/Ldap-injection/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SQLI/requirements.txt,/python/LFI-3/requirements.txt,/python/user-registration-process/requirements.txt,/python/IDOR/requirements.txt,/python/CSRF-weak/requirements.txt,/python/CSSI/requirements.txt,/python/XSS/requirements.txt,/python/CMD2/requirements.txt,/python/SSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/JWT-null/requirements.txt,/python/CMD3/requirements.txt,/python/XSS-DOM/requirements.txt

Dependency Hierarchy:

  • Werkzeug-0.14.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

Publish Date: 2019-08-09

URL: CVE-2019-14806

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://palletsprojects.com/blog/werkzeug-0-15-3-released/

Release Date: 2019-08-09

Fix Resolution: 0.15.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-23934

Vulnerable Library - Werkzeug-0.14.1-py2.py3-none-any.whl

The comprehensive WSGI web application library.

Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl

Path to dependency file: /python/SQLI-like/requirements.txt

Path to vulnerable library: /python/SQLI-like/requirements.txt,/python/JWT-secret/requirements.txt,/python/XXE/requirements.txt,/python/Auth-bypass-1/requirements.txt,/python/Unreferenced-files/requirements.txt,/python/CSP/requirements.txt,/python/Content-type/requirements.txt,/python/Url-redirection-harder/requirements.txt,/python/CORS/requirements.txt,/python/weak-or-unenforced-username-policy/requirements.txt,/python/DoS-regex/requirements.txt,/python/Auth-bypass-3/requirements.txt,/python/Auth-bypass-simple/requirements.txt,/python/LFI/requirements.txt,/python/info-leakeage-metadata/requirements.txt,/python/RaceCondition/requirements.txt,/python/LFI-2/requirements.txt,/python/RTLO/requirements.txt,/python/X-allow-origin/requirements.txt,/python/credentials-guessing-2/requirements.txt,/python/weak-lock-out-mechanism/requirements.txt,/python/account-provisioning-process/requirements.txt,/python/Ldap-injection-harder/requirements.txt,/python/XSS-url/requirements.txt,/python/Url-redirection/requirements.txt,/python/DES-Pickle-2/requirements.txt,/python/RFI/requirements.txt,/python/DES-Pickle/requirements.txt,/python/Untrusted-sources-js/requirements.txt,/python/File-upload/requirements.txt,/python/credentials-guessing-1/requirements.txt,/python/session-hijacking-xss/requirements.txt,/python/DES-Yaml/requirements.txt,/python/RaceCondition-file-write/requirements.txt,/python/XSS-attribute/requirements.txt,/python/CSRF/requirements.txt,/python/SSTI/requirements.txt,/python/CMD/requirements.txt,/python/XSS-DOM-2/requirements.txt,/python/ratelimiting/requirements.txt,/python/CSRF-SameSite/requirements.txt,/python/Url-redirection-harder2/requirements.txt,/python/Formula-injection/requirements.txt,/python/HTML-injection/requirements.txt,/python/SessionPuzzle/requirements.txt,/python/CSTI/requirements.txt,/python/info-leakeage-comments/requirements.txt,/python/Ldap-injection/requirements.txt,/python/Auth-bypass-2/requirements.txt,/python/SQLI/requirements.txt,/python/LFI-3/requirements.txt,/python/user-registration-process/requirements.txt,/python/IDOR/requirements.txt,/python/CSRF-weak/requirements.txt,/python/CSSI/requirements.txt,/python/XSS/requirements.txt,/python/CMD2/requirements.txt,/python/SSRF/requirements.txt,/python/DNS-rebinding/requirements.txt,/python/SQLI-blind/requirements.txt,/python/JWT-null/requirements.txt,/python/CMD3/requirements.txt,/python/XSS-DOM/requirements.txt

Dependency Hierarchy:

  • Werkzeug-0.14.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie =__Host-test=bad as __Host-test=bad. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.

Publish Date: 2023-02-14

URL: CVE-2023-23934

CVSS 3 Score Details (2.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-23934

Release Date: 2023-02-14

Fix Resolution: 2.2.3

⛑️ Automatic Remediation will be attempted for this issue.


spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar: 24 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar

Path to dependency file: /java/ssti/pom.xml

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                                   Type        Fixed in (spring-boot-starter-thymeleaf version)  Remediation Possible**
CVE-2022-22965  Critical  9.8   spring-beans-5.2.0.RELEASE.jar               Transitive  2.4.0
CVE-2022-1471   High      8.3   snakeyaml-1.25.jar                           Transitive  3.2.0
CVE-2022-27772  High      7.8   spring-boot-2.2.0.RELEASE.jar                Transitive  2.2.11.RELEASE
CVE-2023-38286  High      7.5   thymeleaf-3.0.11.RELEASE.jar                 Transitive  N/A*
CVE-2023-20883  High      7.5   spring-boot-autoconfigure-2.2.0.RELEASE.jar  Transitive  2.5.15
CVE-2022-25857  High      7.5   snakeyaml-1.25.jar                           Transitive  3.0.0
CVE-2017-18640  High      7.5   snakeyaml-1.25.jar                           Transitive  2.3.0.RELEASE
CVE-2023-6481   High      7.1   logback-core-1.2.3.jar                       Transitive  N/A*
CVE-2023-6378   High      7.1   logback-classic-1.2.3.jar                    Transitive  3.0.0
CVE-2021-42550  Medium    6.6   detected in multiple dependencies            Transitive  2.5.8
CVE-2023-20863  Medium    6.5   spring-expression-5.2.0.RELEASE.jar          Transitive  2.4.0
CVE-2023-20861  Medium    6.5   spring-expression-5.2.0.RELEASE.jar          Transitive  2.4.0
CVE-2022-38752  Medium    6.5   snakeyaml-1.25.jar                           Transitive  3.0.0
CVE-2022-38751  Medium    6.5   snakeyaml-1.25.jar                           Transitive  3.0.0
CVE-2022-38750  Medium    6.5   snakeyaml-1.25.jar                           Transitive  3.0.0
CVE-2022-38749  Medium    6.5   snakeyaml-1.25.jar                           Transitive  3.0.0
CVE-2022-22950  Medium    6.5   spring-expression-5.2.0.RELEASE.jar          Transitive  2.4.0
CVE-2022-41854  Medium    5.8   snakeyaml-1.25.jar                           Transitive  3.0.0
CVE-2023-34055  Medium    5.3   spring-boot-2.2.0.RELEASE.jar                Transitive  2.7.18
CVE-2022-22970  Medium    5.3   detected in multiple dependencies            Transitive  2.4.0
CVE-2022-22968  Medium    5.3   spring-context-5.2.0.RELEASE.jar             Transitive  2.4.0
CVE-2024-38808  Medium    4.3   spring-expression-5.2.0.RELEASE.jar          Transitive  3.0.0
CVE-2021-22096  Medium    4.3   spring-core-5.2.0.RELEASE.jar                Transitive  2.4.0
CVE-2021-22060  Medium    4.3   spring-core-5.2.0.RELEASE.jar                Transitive  2.4.0

*For some transitive vulnerabilities, there is no version of the direct dependency that carries a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

CVE-2022-22965

Vulnerable Library - spring-beans-5.2.0.RELEASE.jar

Spring Beans

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar
          • spring-aop-5.2.0.RELEASE.jar
            • spring-beans-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.

Publish Date: 2022-04-01

URL: CVE-2022-22965

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Release Date: 2022-04-01

Fix Resolution (org.springframework:spring-beans): 5.2.20.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-1471

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

SnakeYaml's Constructor() class does not restrict the types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

CVSS 3 Score Details (8.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution (org.yaml:snakeyaml): 2.0

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-27772

Vulnerable Library - spring-boot-2.2.0.RELEASE.jar

Spring Boot

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.

Publish Date: 2022-03-30

URL: CVE-2022-27772

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-cm59-pr5q-cw85

Release Date: 2022-03-30

Fix Resolution (org.springframework.boot:spring-boot): 2.2.11.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.2.11.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-38286

Vulnerable Library - thymeleaf-3.0.11.RELEASE.jar

Modern server-side Java template engine for both web and standalone environments

Library home page: http://www.thymeleaf.org

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • thymeleaf-spring5-3.0.11.RELEASE.jar
      • thymeleaf-3.0.11.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Publish Date: 2023-07-14

URL: CVE-2023-38286

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-7gj7-224w-vpr3

Release Date: 2023-07-14

Fix Resolution: de.codecentric:spring-boot-admin-server:3.1.2;org.thymeleaf:thymeleaf:3.1.2.RELEASE

CVE-2023-20883

Vulnerable Library - spring-boot-autoconfigure-2.2.0.RELEASE.jar

Spring Boot AutoConfigure

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-autoconfigure

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-autoconfigure-2.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Publish Date: 2023-05-26

URL: CVE-2023-20883

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20883

Release Date: 2023-05-26

Fix Resolution (org.springframework.boot:spring-boot-autoconfigure): 2.5.15

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.5.15

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-25857

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The package org.yaml:snakeyaml from version 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nesting depth limitation for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2017-18640

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Publish Date: 2019-12-12

URL: CVE-2017-18640

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640

Release Date: 2019-12-12

Fix Resolution (org.yaml:snakeyaml): 1.26

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.3.0.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-6481

Vulnerable Library - logback-core-1.2.3.jar

logback-core module

Library home page: http://logback.qos.ch

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-starter-logging-2.2.0.RELEASE.jar
        • logback-classic-1.2.3.jar
          • logback-core-1.2.3.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A serialization vulnerability in the logback receiver component, part of logback versions 1.4.13, 1.3.13 and 1.2.12, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Publish Date: 2023-12-04

URL: CVE-2023-6481

CVSS 3 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481

Release Date: 2023-12-04

Fix Resolution: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14

CVE-2023-6378

Vulnerable Library - logback-classic-1.2.3.jar

logback-classic module

Library home page: http://logback.qos.ch

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-starter-logging-2.2.0.RELEASE.jar
        • logback-classic-1.2.3.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Publish Date: 2023-11-29

URL: CVE-2023-6378

CVSS 3 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://logback.qos.ch/news.html#1.3.12

Release Date: 2023-11-29

Fix Resolution (ch.qos.logback:logback-classic): 1.2.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-42550

Vulnerable Libraries - logback-classic-1.2.3.jar, logback-core-1.2.3.jar

logback-classic-1.2.3.jar

logback-classic module

Library home page: http://logback.qos.ch

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-starter-logging-2.2.0.RELEASE.jar
        • logback-classic-1.2.3.jar (Vulnerable Library)

logback-core-1.2.3.jar

logback-core module

Library home page: http://logback.qos.ch

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-starter-logging-2.2.0.RELEASE.jar
        • logback-classic-1.2.3.jar
          • logback-core-1.2.3.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In logback version 1.2.7 and prior versions, an attacker with the privileges required to edit configuration files could craft a malicious configuration that allows arbitrary code loaded from LDAP servers to be executed.
Mend Note: Converted from WS-2021-0491, on 2022-11-07.

Publish Date: 2021-12-16

URL: CVE-2021-42550

CVSS 3 Score Details (6.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550

Release Date: 2021-12-16

Fix Resolution (ch.qos.logback:logback-classic): 1.2.8

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.5.8

Fix Resolution (ch.qos.logback:logback-core): 1.2.8

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.5.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-20863

Vulnerable Library - spring-expression-5.2.0.RELEASE.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar
          • spring-expression-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions prior to 5.2.24.RELEASE, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-04-13

URL: CVE-2023-20863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20863

Release Date: 2023-04-13

Fix Resolution (org.springframework:spring-expression): 5.2.24.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

CVE-2023-20861

Vulnerable Library - spring-expression-5.2.0.RELEASE.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar
          • spring-expression-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-03-23

URL: CVE-2023-20861

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20861

Release Date: 2023-03-23

Fix Resolution (org.springframework:spring-expression): 5.2.23.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

CVE-2022-38752

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38752

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-38751

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38751

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-38750

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38750

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-38749

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38749

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-22950

Vulnerable Library - spring-expression-5.2.0.RELEASE.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar
          • spring-expression-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service condition.

Publish Date: 2022-04-01

URL: CVE-2022-22950

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-22950

Release Date: 2022-04-01

Fix Resolution (org.springframework:spring-expression): 5.2.20.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

CVE-2022-41854

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Those using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial-of-service attack.

Publish Date: 2022-11-11

URL: CVE-2022-41854

CVSS 3 Score Details (5.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/

Release Date: 2022-11-11

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-34055

Vulnerable Library - spring-boot-2.2.0.RELEASE.jar

Spring Boot

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0 - 3.0.12 and 3.1.0 - 3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC or Spring WebFlux
  • org.springframework.boot:spring-boot-actuator is on the classpath

Publish Date: 2023-11-28

URL: CVE-2023-34055

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-34055

Release Date: 2023-11-28

Fix Resolution (org.springframework.boot:spring-boot): 2.7.18

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.7.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-22970

Vulnerable Libraries - spring-beans-5.2.0.RELEASE.jar, spring-core-5.2.0.RELEASE.jar

spring-beans-5.2.0.RELEASE.jar

Spring Beans

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar
          • spring-aop-5.2.0.RELEASE.jar
            • spring-beans-5.2.0.RELEASE.jar (Vulnerable Library)

spring-core-5.2.0.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-core-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions prior to 5.3.20 and 5.2.22, and in older unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Publish Date: 2022-05-12

URL: CVE-2022-22970

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-22970

Release Date: 2022-05-12

Fix Resolution (org.springframework:spring-beans): 5.2.22.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

Fix Resolution (org.springframework:spring-core): 5.2.22.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-22968

Vulnerable Library - spring-context-5.2.0.RELEASE.jar

Spring Context

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Publish Date: 2022-04-14

URL: CVE-2022-22968

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-22968

Release Date: 2022-04-14

Fix Resolution (org.springframework:spring-context): 5.2.21.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-38808

Vulnerable Library - spring-expression-5.2.0.RELEASE.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-context-5.2.0.RELEASE.jar
          • spring-expression-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  • The application evaluates user-supplied SpEL expressions.

Publish Date: 2024-08-20

URL: CVE-2024-38808

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38808

Release Date: 2024-08-20

Fix Resolution (org.springframework:spring-expression): 5.3.39

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 3.0.0

CVE-2021-22096

Vulnerable Library - spring-core-5.2.0.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-core-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Publish Date: 2021-10-28

URL: CVE-2021-22096

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22096

Release Date: 2021-10-28

Fix Resolution (org.springframework:spring-core): 5.2.18.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-22060

Vulnerable Library - spring-core-5.2.0.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.0.RELEASE.jar
      • spring-boot-2.2.0.RELEASE.jar
        • spring-core-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

Publish Date: 2022-01-07

URL: CVE-2021-22060

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2021-22060

Release Date: 2022-01-07

Fix Resolution (org.springframework:spring-core): 5.2.19.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-thymeleaf): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.


spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar: 12 vulnerabilities (highest severity is: 8.3)

Vulnerable Library - spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

CVE             Severity  CVSS  Dependency                     Type        Fixed in (spring-boot-starter-thymeleaf version)  Remediation Possible**
CVE-2022-1471   High      8.3   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2023-38286  High      7.5   thymeleaf-3.0.15.RELEASE.jar   Transitive  N/A*
CVE-2022-25857  High      7.5   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2023-6378   High      7.1   logback-classic-1.2.11.jar     Transitive  N/A*
CVE-2023-20863  Medium    6.5   spring-expression-5.3.20.jar   Transitive  N/A*
CVE-2023-20861  Medium    6.5   spring-expression-5.3.20.jar   Transitive  N/A*
CVE-2022-38752  Medium    6.5   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2022-38751  Medium    6.5   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2022-38750  Medium    6.5   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2022-38749  Medium    6.5   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2022-41854  Medium    5.8   snakeyaml-1.30.jar             Transitive  N/A*
CVE-2024-38808  Medium    4.3   spring-expression-5.3.20.jar   Transitive  N/A*

*For some transitive vulnerabilities, there is no version of the direct dependency that contains a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

CVE-2022-1471

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

SnakeYaml's Constructor() class does not restrict the types that can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

CVSS 3 Score Details (8.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution: org.yaml:snakeyaml:2.0

CVE-2023-38286

Vulnerable Library - thymeleaf-3.0.15.RELEASE.jar

Modern server-side Java template engine for both web and standalone environments

Library home page: http://www.thymeleaf.org

Path to dependency file: /java/credentials-guessing1/pom.xml

Path to vulnerable library: /java/credentials-guessing1/pom.xml,/java/csrf/pom.xml,/java/session-hijacking-xss/pom.xml,/java/lfi3/pom.xml,/java/file-upload/pom.xml,/java/graphql-idor/pom.xml,/java/cmd2/pom.xml,/java/cmd3/pom.xml,/java/xss-dom/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/parameter-binding/pom.xml,/java/racecondition/pom.xml,/java/csp/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/info-leakage-metadata/pom.xml,/java/lfi2/pom.xml,/java/xss/pom.xml,/java/sqli-like/pom.xml,/java/rfi/pom.xml,/java/lfi/pom.xml,/java/url-redirection-harder/pom.xml,/java/sqli/pom.xml,/java/jwt-null/pom.xml,/java/ldap-injection-harder/pom.xml,/java/des-java/pom.xml,/java/untrusted-sources/pom.xml,/java/racecondition-file-write/pom.xml,/java/jwt-secret/pom.xml,/java/auth-bypass2/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/graphql-info-introspection/pom.xml,/java/auth-bypass-simple/pom.xml,/java/ssrf/pom.xml,/java/rtlo/pom.xml,/java/credentials-guessing2/pom.xml,/java/cssi/pom.xml,/java/ratelimiting/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/formula-injection/pom.xml,/java/cmd/pom.xml,/java/csrf-samesite/pom.xml,/java/http-response-splitting/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/dos-regex/pom.xml,/java/xss-stored/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/url-redirection-harder2/pom.xml,/java/idor/pom.xml,/java/url-redirection/pom.xml,/java/csti/pom.xml,/java/xss-dom2/pom.xml,/java/xxe/pom.xml,/java/csrf-weak/pom.xml,/java/ldap-injection/pom.xml,/java/cmd-blind/pom.xml,/java/xss-url/pom.xml,/java/content-type/pom.xml,/java/auth-bypass1/pom.xml,/java/sessionpuzzle/pom.xml,/java/cors/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • thymeleaf-spring5-3.0.15.RELEASE.jar
      • thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Publish Date: 2023-07-14

URL: CVE-2023-38286

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7gj7-224w-vpr3

Release Date: 2023-07-14

Fix Resolution: de.codecentric:spring-boot-admin-server:3.1.2;org.thymeleaf:thymeleaf:3.1.2.RELEASE

CVE-2022-25857

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2023-6378

Vulnerable Library - logback-classic-1.2.11.jar

logback-classic module

Library home page: http://logback.qos.ch

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • spring-boot-starter-logging-2.7.0-SNAPSHOT.jar
        • logback-classic-1.2.11.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a Denial-of-Service attack by sending poisoned data.

Publish Date: 2023-11-29

URL: CVE-2023-6378

CVSS 3 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://logback.qos.ch/news.html#1.3.12

Release Date: 2023-11-29

Fix Resolution: ch.qos.logback:logback-classic:1.3.12,1.4.12

CVE-2023-20863

Vulnerable Library - spring-expression-5.3.20.jar

Spring Expression Language (SpEL)

Path to dependency file: /java/info-leakage-metadata/pom.xml

Path to vulnerable library: /java/info-leakage-metadata/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ssrf/pom.xml,/java/graphql-info-introspection/pom.xml,/java/ldap-injection/pom.xml,/java/des-java/pom.xml,/java/cmd4/pom.xml,/java/content-type/pom.xml,/java/cmd-blind/pom.xml,/java/credentials-guessing1/pom.xml,/java/credentials-guessing2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-mutation/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csrf/pom.xml,/java/csrf-weak/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/sqli-blind/pom.xml,/java/cssi/pom.xml,/java/url-redirection-harder2/pom.xml,/java/xss-stored/pom.xml,/java/dos-regex/pom.xml,/java/graphql-injections/pom.xml,/java/lfi2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/auth-bypass3/pom.xml,/java/url-redirection-harder/pom.xml,/java/csrf-samesite/pom.xml,/java/lfi/pom.xml,/java/cmd/pom.xml,/java/rtlo/pom.xml,/java/info-leakage-comments/pom.xml,/java/racecondition-file-write/pom.xml,/java/untrusted-sources/pom.xml,/java/formula-injection/pom.xml,/java/idor/pom.xml,/java/sqli/pom.xml,/java/auth-bypass2/pom.xml,/java/jwt-secret/pom.xml,/java/cors/pom.xml,/java/auth-bypass1/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/racecondition/pom.xml,/java/ldap-injection-harder/pom.xml,/java/graphql-idor/pom.xml,/java/xss-dom2/pom.xml,/java/jwt-null/pom.xml,/java/sqli-like/pom.xml,/java/xss/pom.xml,/java/lfi3/pom.xml,/java/parameter-binding/pom.xml,/java/xss-dom/pom.xml,/java/csp/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • spring-boot-2.7.0-SNAPSHOT.jar
        • spring-context-5.3.20.jar
          • spring-expression-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions prior to 5.2.24.RELEASE, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-04-13

URL: CVE-2023-20863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20863

Release Date: 2023-04-13

Fix Resolution: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8

CVE-2023-20861

Vulnerable Library - spring-expression-5.3.20.jar

Spring Expression Language (SpEL)

Path to dependency file: /java/info-leakage-metadata/pom.xml

Path to vulnerable library: /java/info-leakage-metadata/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ssrf/pom.xml,/java/graphql-info-introspection/pom.xml,/java/ldap-injection/pom.xml,/java/des-java/pom.xml,/java/cmd4/pom.xml,/java/content-type/pom.xml,/java/cmd-blind/pom.xml,/java/credentials-guessing1/pom.xml,/java/credentials-guessing2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-mutation/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csrf/pom.xml,/java/csrf-weak/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/sqli-blind/pom.xml,/java/cssi/pom.xml,/java/url-redirection-harder2/pom.xml,/java/xss-stored/pom.xml,/java/dos-regex/pom.xml,/java/graphql-injections/pom.xml,/java/lfi2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/auth-bypass3/pom.xml,/java/url-redirection-harder/pom.xml,/java/csrf-samesite/pom.xml,/java/lfi/pom.xml,/java/cmd/pom.xml,/java/rtlo/pom.xml,/java/info-leakage-comments/pom.xml,/java/racecondition-file-write/pom.xml,/java/untrusted-sources/pom.xml,/java/formula-injection/pom.xml,/java/idor/pom.xml,/java/sqli/pom.xml,/java/auth-bypass2/pom.xml,/java/jwt-secret/pom.xml,/java/cors/pom.xml,/java/auth-bypass1/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/racecondition/pom.xml,/java/ldap-injection-harder/pom.xml,/java/graphql-idor/pom.xml,/java/xss-dom2/pom.xml,/java/jwt-null/pom.xml,/java/sqli-like/pom.xml,/java/xss/pom.xml,/java/lfi3/pom.xml,/java/parameter-binding/pom.xml,/java/xss-dom/pom.xml,/java/csp/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • spring-boot-2.7.0-SNAPSHOT.jar
        • spring-context-5.3.20.jar
          • spring-expression-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-03-23

URL: CVE-2023-20861

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20861

Release Date: 2023-03-23

Fix Resolution: org.springframework:spring-expression:5.2.23.RELEASE,5.3.26,6.0.7

CVE-2022-38752

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38752

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.32

CVE-2022-38751

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38751

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-38750

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38750

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-38749

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38749

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-41854

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /java/jwt-secret/pom.xml

Path to vulnerable library: /java/jwt-secret/pom.xml,/java/csrf-samesite/pom.xml,/java/auth-bypass2/pom.xml,/java/cmd/pom.xml,/java/cssi/pom.xml,/java/rtlo/pom.xml,/java/untrusted-sources/pom.xml,/java/url-redirection-harder/pom.xml,/java/lfi/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/cmd-blind/pom.xml,/java/csrf-weak/pom.xml,/java/xss-dom2/pom.xml,/java/racecondition/pom.xml,/java/xss-url/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/ldap-injection/pom.xml,/java/cors/pom.xml,/java/idor/pom.xml,/java/auth-bypass1/pom.xml,/java/cmd4/pom.xml,/java/auth-bypass3/pom.xml,/java/sqli-like/pom.xml,/java/xss-dom/pom.xml,/java/content-type/pom.xml,/java/parameter-binding/pom.xml,/java/credentials-guessing2/pom.xml,/java/csp/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-info-introspection/pom.xml,/java/info-leakage-metadata/pom.xml,/java/credentials-guessing1/pom.xml,/java/ssrf/pom.xml,/java/csrf/pom.xml,/java/lfi3/pom.xml,/java/xss-stored/pom.xml,/java/xss/pom.xml,/java/graphql-idor/pom.xml,/java/dos-regex/pom.xml,/java/url-redirection-harder2/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ldap-injection-harder/pom.xml,/java/jwt-null/pom.xml,/java/lfi2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sqli-blind/pom.xml,/java/graphql-injections/pom.xml,/java/session-hijacking-xss/pom.xml,/java/sqli/pom.xml,/java/graphql-mutation/pom.xml,/java/info-leakage-comments/pom.xml,/java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/des-java/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Those using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

Publish Date: 2022-11-11

URL: CVE-2022-41854

CVSS 3 Score Details (5.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/

Release Date: 2022-11-11

Fix Resolution: org.yaml:snakeyaml:1.32

CVE-2024-38808

Vulnerable Library - spring-expression-5.3.20.jar

Spring Expression Language (SpEL)

Path to dependency file: /java/info-leakage-metadata/pom.xml

Path to vulnerable library: /java/info-leakage-metadata/pom.xml,/java/client-side-restriction-bypass/pom.xml,/java/ssrf/pom.xml,/java/graphql-info-introspection/pom.xml,/java/ldap-injection/pom.xml,/java/des-java/pom.xml,/java/cmd4/pom.xml,/java/content-type/pom.xml,/java/cmd-blind/pom.xml,/java/credentials-guessing1/pom.xml,/java/credentials-guessing2/pom.xml,/java/auth-bypass-simple/pom.xml,/java/sessionpuzzle/pom.xml,/java/graphql-mutation/pom.xml,/java/xss-url/pom.xml,/java/session-hijacking-xss/pom.xml,/java/csrf/pom.xml,/java/csrf-weak/pom.xml,/java/client-side-restriction-bypass-2/pom.xml,/java/sqli-blind/pom.xml,/java/cssi/pom.xml,/java/url-redirection-harder2/pom.xml,/java/xss-stored/pom.xml,/java/dos-regex/pom.xml,/java/graphql-injections/pom.xml,/java/lfi2/pom.xml,/java/csti/pom.xml,/java/url-redirection/pom.xml,/java/auth-bypass3/pom.xml,/java/url-redirection-harder/pom.xml,/java/csrf-samesite/pom.xml,/java/lfi/pom.xml,/java/cmd/pom.xml,/java/rtlo/pom.xml,/java/info-leakage-comments/pom.xml,/java/racecondition-file-write/pom.xml,/java/untrusted-sources/pom.xml,/java/formula-injection/pom.xml,/java/idor/pom.xml,/java/sqli/pom.xml,/java/auth-bypass2/pom.xml,/java/jwt-secret/pom.xml,/java/cors/pom.xml,/java/auth-bypass1/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml,/java/racecondition/pom.xml,/java/ldap-injection-harder/pom.xml,/java/graphql-idor/pom.xml,/java/xss-dom2/pom.xml,/java/jwt-null/pom.xml,/java/sqli-like/pom.xml,/java/xss/pom.xml,/java/lfi3/pom.xml,/java/parameter-binding/pom.xml,/java/xss-dom/pom.xml,/java/csp/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.0-SNAPSHOT.jar (Root Library)
    • spring-boot-starter-2.7.0-SNAPSHOT.jar
      • spring-boot-2.7.0-SNAPSHOT.jar
        • spring-context-5.3.20.jar
          • spring-expression-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  • The application evaluates user-supplied SpEL expressions.

Publish Date: 2024-08-20

URL: CVE-2024-38808

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38808

Release Date: 2024-08-20

Fix Resolution: org.springframework:spring-expression:5.3.39

graphql-spring-boot-starter-12.0.0.jar: 8 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - graphql-spring-boot-starter-12.0.0.jar

Path to vulnerable library: /java/graphql-idor/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-info-introspection/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (graphql-spring-boot-starter version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-42889 | Critical | 9.8 | commons-text-1.9.jar | Transitive | 14.1.0 | |
| CVE-2024-40094 | High | 7.5 | graphql-java-18.1.jar | Transitive | N/A* | |
| CVE-2024-38816 | High | 7.5 | spring-webflux-5.3.20.jar | Transitive | N/A* | |
| CVE-2023-28867 | High | 7.5 | graphql-java-18.1.jar | Transitive | 14.1.0 | |
| CVE-2022-37734 | High | 7.5 | graphql-java-18.1.jar | Transitive | 14.1.0 | |
| CVE-2018-10237 | Medium | 5.9 | guava-20.0.jar | Transitive | 13.0.0 | |
| CVE-2023-2976 | Medium | 5.5 | guava-20.0.jar | Transitive | 13.0.0 | |
| CVE-2020-8908 | Low | 3.3 | guava-20.0.jar | Transitive | 13.0.0 | |

*For some transitive vulnerabilities, there is no version of the direct dependency with a fix. Check the "Details" section below to see if there is a version of the transitive dependency where the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2022-42889

Vulnerable Library - commons-text-1.9.jar

Apache Commons Text is a library focused on algorithms working on strings.

Library home page: https://commons.apache.org/proper/commons-text

Path to dependency file: /java/graphql-idor/pom.xml

Path to vulnerable library: /java/graphql-idor/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-info-introspection/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • commons-text-1.9.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:

  • "script" - execute expressions using the JVM script execution engine (javax.script)
  • "dns" - resolve dns records
  • "url" - load values from urls, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

Publish Date: 2022-10-13

URL: CVE-2022-42889

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2022/10/13/4

Release Date: 2022-10-13

Fix Resolution (org.apache.commons:commons-text): 1.10.0

Direct dependency fix Resolution (com.graphql-java-kickstart:graphql-spring-boot-starter): 14.1.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-40094

Vulnerable Library - graphql-java-18.1.jar

GraphQL Java

Library home page: https://github.com/graphql-java/graphql-java

Path to dependency file: /java/graphql-info-introspection/pom.xml

Path to vulnerable library: /java/graphql-info-introspection/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-idor/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • graphql-java-tools-11.1.2.jar
        • graphql-java-18.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

Publish Date: 2024-07-30

URL: CVE-2024-40094

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-40094

Release Date: 2024-07-30

Fix Resolution: com.graphql-java:graphql-java:19.11,20.9,21.5

CVE-2024-38816

Vulnerable Library - spring-webflux-5.3.20.jar

Spring WebFlux

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • spring-webflux-5.3.20.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  • the web application uses RouterFunctions to serve static resources
  • resource handling is explicitly configured with a FileSystemResource location

However, malicious requests are blocked and rejected when any of the following is true:

Publish Date: 2024-09-13

URL: CVE-2024-38816

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38816

Release Date: 2024-09-13

Fix Resolution: org.springframework:spring-webflux:6.1.13, org.springframework:spring-webmvc:6.1.13

CVE-2023-28867

Vulnerable Library - graphql-java-18.1.jar

GraphQL Java

Library home page: https://github.com/graphql-java/graphql-java

Path to dependency file: /java/graphql-info-introspection/pom.xml

Path to vulnerable library: /java/graphql-info-introspection/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-idor/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • graphql-java-tools-11.1.2.jar
        • graphql-java-18.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.

Publish Date: 2023-03-27

URL: CVE-2023-28867

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-03-27

Fix Resolution (com.graphql-java:graphql-java): 18.4

Direct dependency fix Resolution (com.graphql-java-kickstart:graphql-spring-boot-starter): 14.1.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-37734

Vulnerable Library - graphql-java-18.1.jar

GraphQL Java

Library home page: https://github.com/graphql-java/graphql-java

Path to dependency file: /java/graphql-info-introspection/pom.xml

Path to vulnerable library: /java/graphql-info-introspection/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-injections/pom.xml,/java/graphql-idor/pom.xml,/java/graphql-dos-resource-exhaustion/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • graphql-java-tools-11.1.2.jar
        • graphql-java-18.1.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.

Publish Date: 2022-09-12

URL: CVE-2022-37734

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-09-12

Fix Resolution (com.graphql-java:graphql-java): 18.3

Direct dependency fix Resolution (com.graphql-java-kickstart:graphql-spring-boot-starter): 14.1.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-10237

Vulnerable Library - guava-20.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: https://github.com/google/guava

Path to dependency file: /java/graphql-dos-resource-exhaustion/pom.xml

Path to vulnerable library: /java/graphql-dos-resource-exhaustion/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-info-introspection/pom.xml,/java/graphql-idor/pom.xml,/java/graphql-injections/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • reflections-0.9.11.jar
        • guava-20.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution (com.google.guava:guava): 24.1.1-android

Direct dependency fix Resolution (com.graphql-java-kickstart:graphql-spring-boot-starter): 13.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-2976

Vulnerable Library - guava-20.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: https://github.com/google/guava

Path to dependency file: /java/graphql-dos-resource-exhaustion/pom.xml

Path to vulnerable library: /java/graphql-dos-resource-exhaustion/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-info-introspection/pom.xml,/java/graphql-idor/pom.xml,/java/graphql-injections/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • reflections-0.9.11.jar
        • guava-20.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.


Publish Date: 2023-06-14

URL: CVE-2023-2976

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7g45-4rm6-3mm3

Release Date: 2023-06-14

Fix Resolution (com.google.guava:guava): 32.0.1-android

Direct dependency fix Resolution (com.graphql-java-kickstart:graphql-spring-boot-starter): 13.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-8908

Vulnerable Library - guava-20.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: https://github.com/google/guava

Path to dependency file: /java/graphql-dos-resource-exhaustion/pom.xml

Path to vulnerable library: /java/graphql-dos-resource-exhaustion/pom.xml,/java/graphql-mutation/pom.xml,/java/graphql-info-introspection/pom.xml,/java/graphql-idor/pom.xml,/java/graphql-injections/pom.xml

Dependency Hierarchy:

  • graphql-spring-boot-starter-12.0.0.jar (Root Library)
    • graphql-spring-boot-autoconfigure-12.0.0.jar
      • reflections-0.9.11.jar
        • guava-20.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Publish Date: 2020-12-10

URL: CVE-2020-8908

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-8908

Release Date: 2020-12-10

Fix Resolution (com.google.guava:guava): 30.0-android

Direct dependency fix Resolution (com.graphql-java-kickstart:graphql-spring-boot-starter): 13.0.0

⛑️ Automatic Remediation will be attempted for this issue.



json-20211205.jar: 2 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - json-20211205.jar

JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/

    The files in this package implement JSON encoders/decoders in Java.
    It also includes the capability to convert between JSON and XML, HTTP
    headers, Cookies, and CDL.

    This is a reference implementation. There is a large number of JSON packages
    in Java. Perhaps someday the Java community will standardize on one. Until
    then, choose carefully.

    The license includes this restriction: "The software shall be used for good,
    not evil." If your conscience cannot live with that, then choose a different
    package.

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (json version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-5072 | High | 7.5 | json-20211205.jar | Direct | 20231013 | |
| CVE-2022-45688 | High | 7.5 | json-20211205.jar | Direct | 20230227 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-5072

Vulnerable Library - json-20211205.jar

JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/

    The files in this package implement JSON encoders/decoders in Java.
    It also includes the capability to convert between JSON and XML, HTTP
    headers, Cookies, and CDL.

    This is a reference implementation. There is a large number of JSON packages
    in Java. Perhaps someday the Java community will standardize on one. Until
    then, choose carefully.

    The license includes this restriction: "The software shall be used for good,
    not evil." If your conscience cannot live with that, then choose a different
    package.

Dependency Hierarchy:

  • json-20211205.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Publish Date: 2023-10-12

URL: CVE-2023-5072

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rm7j-f5g5-27vv

Release Date: 2023-10-12

Fix Resolution: 20231013

CVE-2022-45688

Vulnerable Library - json-20211205.jar

JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/

    The files in this package implement JSON encoders/decoders in Java.
    It also includes the capability to convert between JSON and XML, HTTP
    headers, Cookies, and CDL.

    This is a reference implementation. There is a large number of JSON packages
    in Java. Perhaps someday the Java community will standardize on one. Until
    then, choose carefully.

    The license includes this restriction: "The software shall be used for good,
    not evil." If your conscience cannot live with that, then choose a different
    package.

Dependency Hierarchy:

  • json-20211205.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. The CVE text names hutool-json, but the advisory this finding is based on (GHSA-3vqj-43w4-2q58) tracks the same XML.toJSONObject defect in JSON-Java (org.json), which is why the fix resolution here is the org.json release 20230227.

Publish Date: 2022-12-13

URL: CVE-2022-45688

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3vqj-43w4-2q58

Release Date: 2022-12-13

Fix Resolution: 20230227

Flask-2.0.3-py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - Flask-2.0.3-py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/cd/77/59df23681f4fd19b7cbbb5e92484d46ad587554f5d490f33ef907e456132/Flask-2.0.3-py3-none-any.whl

Path to dependency file: /python/NoSQL/requirements.txt

Path to vulnerable library: /python/NoSQL/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Flask version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-30861 | High | 7.5 | Flask-2.0.3-py3-none-any.whl | Direct | flask - 2.2.5,2.3.2 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-30861

Vulnerable Library - Flask-2.0.3-py3-none-any.whl

A simple framework for building complex web applications.

Library home page: https://files.pythonhosted.org/packages/cd/77/59df23681f4fd19b7cbbb5e92484d46ad587554f5d490f33ef907e456132/Flask-2.0.3-py3-none-any.whl

Path to dependency file: /python/NoSQL/requirements.txt

Path to vulnerable library: /python/NoSQL/requirements.txt

Dependency Hierarchy:

  • Flask-2.0.3-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

  1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
  2. The application sets session.permanent = True
  3. The application does not access or modify the session at any point during a request.
  4. SESSION_REFRESH_EACH_REQUEST enabled (the default).
  5. The application does not set a Cache-Control header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the Vary: Cookie header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.

Publish Date: 2023-05-02

URL: CVE-2023-30861

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-30861

Release Date: 2023-05-02

Fix Resolution: flask - 2.2.5,2.3.2
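The five conditions listed above amount to one observable property of the HTTP response: it carries Set-Cookie, a shared cache is allowed to store it, and nothing tells the cache to key it on the request's Cookie header. That property is framework-independent, so it can be checked against responses captured with an intercepting proxy regardless of the stack behind them. The JavaScript below is an added example, not code from the skf-labs repository or from Flask; the "captured" responses in it are constructed for the demo, header names are lowercase as Node's http module reports them, and the helper names are this example's own.

```javascript
// Added example, not code from the skf-labs repo or from Flask (see lead-in).

// "private, max-age=0, no-store" -> Map { private => true, max-age => "0", no-store => true }
function parseCacheControl(value) {
  const directives = new Map();
  for (const raw of (value || '').split(',')) {
    const item = raw.trim();
    if (!item) continue;
    const eq = item.indexOf('=');
    const name = (eq === -1 ? item : item.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? true : item.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    directives.set(name, val);
  }
  return directives;
}

function headerTokens(value) {
  return (value || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// Returns null when the response cannot be handed to another client by a shared
// cache, otherwise a string describing the exposure.
function sharedCacheCookieLeak(headers) {
  const setCookie = headers['set-cookie'];
  if (!setCookie || (Array.isArray(setCookie) && setCookie.length === 0)) return null;
  const cc = parseCacheControl(headers['cache-control']);
  // Only private and no-store stop a shared cache from reusing the response for
  // another client; no-cache still allows storage, so it is not treated as safe.
  if (cc.has('private') || cc.has('no-store')) return null;
  // Vary: Cookie (or *) puts the request's Cookie header into the cache key, so one
  // client's session response is never served to another. This is exactly the
  // header vulnerable Flask versions omitted when a session was only refreshed.
  const vary = headerTokens(headers['vary']);
  if (vary.includes('*') || vary.includes('cookie')) return null;
  return 'Set-Cookie response is storable by a shared cache and not varied on Cookie';
}

// Constructed captures: the refresh response as Flask 2.0.3 emits it under the
// report's conditions, the same response after the 2.2.5/2.3.2 fix, and a page
// that opts out of shared caching explicitly.
const CAPTURED = {
  'flask-2.0.3 session refresh': {
    'content-type': 'text/html; charset=utf-8',
    'set-cookie': ['session=constructed-session-value; HttpOnly; Path=/'],
  },
  'flask-2.2.5 session refresh': {
    'content-type': 'text/html; charset=utf-8',
    'set-cookie': ['session=constructed-session-value; HttpOnly; Path=/'],
    vary: 'Cookie',
  },
  'explicitly private page': {
    'set-cookie': ['session=constructed-session-value; HttpOnly; Path=/'],
    'cache-control': 'private, no-store',
  },
};

// Names of the captures a shared cache could leak to other clients.
function auditCaptures(captures) {
  return Object.entries(captures)
    .filter(([, headers]) => sharedCacheCookieLeak(headers) !== null)
    .map(([name]) => name);
}

console.log('responses a shared cache could leak:', auditCaptures(CAPTURED));
```

Feed it the response headers your proxy saved for each request and triage anything it flags against the report's remaining conditions (permanent sessions, SESSION_REFRESH_EACH_REQUEST, and whether a caching proxy actually sits in front of the application).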

⛑️ Automatic Remediation will be attempted for this issue.



sqlite3-5.1.4.tgz: 4 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - sqlite3-5.1.4.tgz

Library home page: https://registry.npmjs.org/sqlite3/-/sqlite3-5.1.4.tgz

Path to dependency file: /nodeJs/Graphql-Injection/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (sqlite3 version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-42282 | Critical | 9.8 | ip-2.0.0.tgz | Transitive | N/A* | |
| CVE-2024-29415 | Critical | 9.1 | ip-2.0.0.tgz | Transitive | N/A* | |
| CVE-2022-43441 | High | 8.1 | sqlite3-5.1.4.tgz | Direct | 5.1.5 | |
| CVE-2024-28863 | Medium | 6.5 | tar-6.1.13.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Library - ip-2.0.0.tgz

npm package page: https://www.npmjs.com/package/ip

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /nodeJs/Graphql-Injection/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Dependency Hierarchy:

  • sqlite3-5.1.4.tgz (Root Library)
    • node-gyp-8.4.1.tgz
      • make-fetch-happen-9.1.0.tgz
        • socks-proxy-agent-6.2.1.tgz
          • socks-2.7.1.tgz
            • ip-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1

CVE-2024-29415

Vulnerable Library - ip-2.0.0.tgz

npm package page: https://www.npmjs.com/package/ip

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /nodeJs/Graphql-Injection/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Dependency Hierarchy:

  • sqlite3-5.1.4.tgz (Root Library)
    • node-gyp-8.4.1.tgz
      • make-fetch-happen-9.1.0.tgz
        • socks-proxy-agent-6.2.1.tgz
          • socks-2.7.1.tgz
            • ip-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

Publish Date: 2024-05-27

URL: CVE-2024-29415

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

CVE-2022-43441

Vulnerable Library - sqlite3-5.1.4.tgz

Library home page: https://registry.npmjs.org/sqlite3/-/sqlite3-5.1.4.tgz

Path to dependency file: /nodeJs/Graphql-Injection/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Dependency Hierarchy:

  • sqlite3-5.1.4.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

Publish Date: 2023-03-16

URL: CVE-2022-43441

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jqv5-7xpx-qj74

Release Date: 2023-03-16

Fix Resolution: 5.1.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-28863

Vulnerable Library - tar-6.1.13.tgz

Library home page: https://registry.npmjs.org/tar/-/tar-6.1.13.tgz

Path to dependency file: /nodeJs/Graphql-Injection/package.json

Path to vulnerable library: /nodeJs/Graphql-Injection/package.json

Dependency Hierarchy:

  • sqlite3-5.1.4.tgz (Root Library)
    • tar-6.1.13.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

node-tar is a Tar implementation for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

Publish Date: 2024-03-21

URL: CVE-2024-28863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-f5x3-32g6-xq36

Release Date: 2024-03-21

Fix Resolution: tar - 6.2.1


⛑️Automatic Remediation will be attempted for this issue.

exceljs-4.3.0.tgz: 1 vulnerabilities (highest severity is: 7.3)

Vulnerable Library - exceljs-4.3.0.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (exceljs version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-48285 | High | 7.3 | jszip-3.7.1.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-48285

Vulnerable Library - jszip-3.7.1.tgz

Create, read and edit .zip files with JavaScript http://stuartk.com/jszip

Library home page: https://registry.npmjs.org/jszip/-/jszip-3.7.1.tgz

Path to dependency file: /nodeJs/Formula-Injection/package.json

Path to vulnerable library: /nodeJs/Formula-Injection/package.json

Dependency Hierarchy:

  • exceljs-4.3.0.tgz (Root Library)
    • jszip-3.7.1.tgz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
Mend Note: Converted from WS-2023-0004, on 2023-02-01.

Publish Date: 2023-01-29

URL: CVE-2022-48285

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-01-29

Fix Resolution: jszip - 3.8.0

redis-4.3.4-py3-none-any.whl: 2 vulnerabilities (highest severity is: 6.5)

Vulnerable Library - redis-4.3.4-py3-none-any.whl

Python client for Redis database and key-value store

Library home page: https://files.pythonhosted.org/packages/e6/b3/4020cf6172bfd8a75fa2a8fa478bae7a842cf0d7173f2f77305b0c98052b/redis-4.3.4-py3-none-any.whl

Path to dependency file: /python/Web-cache-poisoning/requirements.txt

Path to vulnerable library: /python/Web-cache-poisoning/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (redis version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-28859 | Medium | 6.5 | redis-4.3.4-py3-none-any.whl | Direct | 4.4.4 | |
| CVE-2023-28858 | Low | 3.7 | redis-4.3.4-py3-none-any.whl | Direct | 4.3.6 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-28859

Vulnerable Library - redis-4.3.4-py3-none-any.whl

Python client for Redis database and key-value store

Library home page: https://files.pythonhosted.org/packages/e6/b3/4020cf6172bfd8a75fa2a8fa478bae7a842cf0d7173f2f77305b0c98052b/redis-4.3.4-py3-none-any.whl

Path to dependency file: /python/Web-cache-poisoning/requirements.txt

Path to vulnerable library: /python/Web-cache-poisoning/requirements.txt

Dependency Hierarchy:

  • redis-4.3.4-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.

Publish Date: 2023-03-26

URL: CVE-2023-28859

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-28859

Release Date: 2023-03-26

Fix Resolution: 4.4.4

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-28858

Vulnerable Library - redis-4.3.4-py3-none-any.whl

Python client for Redis database and key-value store

Library home page: https://files.pythonhosted.org/packages/e6/b3/4020cf6172bfd8a75fa2a8fa478bae7a842cf0d7173f2f77305b0c98052b/redis-4.3.4-py3-none-any.whl

Path to dependency file: /python/Web-cache-poisoning/requirements.txt

Path to vulnerable library: /python/Web-cache-poisoning/requirements.txt

Dependency Hierarchy:

  • redis-4.3.4-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.

Publish Date: 2023-03-26

URL: CVE-2023-28858

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-03-26

Fix Resolution: 4.3.6

⛑️ Automatic Remediation will be attempted for this issue.

jquery-1.11.1.min.js: 4 vulnerabilities (highest severity is: 6.9)

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /c/32_bufferOverflow/index.html

Path to vulnerable library:

  • /python/XSS-url/static/js/jquery-1.11.1.min.js
  • /java/ratelimiting/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/cmd/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/DES-Yaml/static/js/jquery-1.11.1.min.js
  • /python/CSSI/static/js/jquery-1.11.1.min.js
  • /python/credentials-guessing-2/static/js/jquery-1.11.1.min.js
  • /java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/cssi/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/Url-redirection-harder/static/js/jquery-1.11.1.min.js
  • /python/RFI/static/js/jquery-1.11.1.min.js
  • /python/CMD3/static/js/jquery-1.11.1.min.js
  • /python/CSRF/static/js/jquery-1.11.1.min.js
  • /python/info-leakeage-comments/static/js/jquery-1.11.1.min.js
  • /python/Ldap-injection/static/js/jquery-1.11.1.min.js
  • /java/graphql-idor/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/cmd3/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/xss/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/SQLI-like/static/js/jquery-1.11.1.min.js
  • /python/LFI/static/js/jquery-1.11.1.min.js
  • /java/lfi3/src/main/resources/static/js/jquery-1.11.1.min.js
  • /c/32_bufferOverflow/static/js/jquery-1.11.1.min.js
  • /java/csrf-weak/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/info-leakage-comments/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/session-hijacking-xss/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/url-redirection-harder/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/ldap-injection/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/CSRF-SameSite/static/js/jquery-1.11.1.min.js
  • /java/credentials-guessing2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/CMD/static/js/jquery-1.11.1.min.js
  • /java/url-redirection-harder2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/racecondition/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/untrusted-sources/src/main/resources/static/js/jquery-1.11.1.min.js
  • /c/32_bufferOverflow/static/js/jquery-1.11.1.min.js
  • /python/HTML-injection/static/js/jquery-1.11.1.min.js
  • /python/Url-redirection/static/js/jquery-1.11.1.min.js
  • /python/graphql-info-introspection/static/js/jquery-1.11.1.min.js
  • /java/lfi/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/rfi/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/XSS-attribute/static/js/jquery-1.11.1.min.js
  • /java/client-side-restriction-bypass/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/sqli/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/ssti/src/main/resources/static/old/js/jquery-1.11.1.min.js
  • /python/CSTI/static/js/jquery-1.11.1.min.js
  • /java/content-type/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/user-registration-process/static/js/jquery-1.11.1.min.js
  • /java/csti/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/des-yaml/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/TLS-downgrade/static/js/jquery-1.11.1.min.js
  • /python/Web-cache-poisoning/static/js/jquery-1.11.1.min.js
  • /java/cmd4/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/xss-url/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/auth-bypass2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/XSS-DOM/static/js/jquery-1.11.1.min.js
  • /python/XSS-DOM-2/static/js/jquery-1.11.1.min.js
  • /java/cmd2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/JWT-secret/static/js/jquery-1.11.1.min.js
  • /java/info-leakage-metadata/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/graphql-IDOR/static/js/jquery-1.11.1.min.js
  • /java/http-response-splitting/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/graphql-injections/static/js/jquery-1.11.1.min.js
  • /java/ssrf/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/X-allow-origin/static/js/jquery-1.11.1.min.js
  • /python/SessionPuzzle/static/js/jquery-1.11.1.min.js
  • /python/Auth-bypass-2/static/js/jquery-1.11.1.min.js
  • /java/rtlo/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/weak-or-unenforced-username-policy/static/js/jquery-1.11.1.min.js
  • /python/Untrusted-sources-js/static/js/jquery-1.11.1.min.js
  • /java/csp/src/main/resources/static/js/jquery-1.11.1.min.js
  • /lab-template/static/js/jquery-1.11.1.min.js
  • /python/RTLO/static/js/jquery-1.11.1.min.js
  • /python/Session-Management-2/static/js/jquery-1.11.1.min.js
  • /java/xxe/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/WebSocket-Message-Manipulation/static/js/jquery-1.11.1.min.js
  • /python/session-hijacking-xss/static/js/jquery-1.11.1.min.js
  • /python/DES-Pickle-2/static/js/jquery-1.11.1.min.js
  • /python/RaceCondition/static/js/jquery-1.11.1.min.js
  • /python/Url-redirection-harder2/static/js/jquery-1.11.1.min.js
  • /python/SQLI-blind/static/js/jquery-1.11.1.min.js
  • /java/idor/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/sqli-blind/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/csrf-samesite/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/DES-Pickle/static/js/jquery-1.11.1.min.js
  • /python/CSP/static/js/jquery-1.11.1.min.js
  • /python/Attack-Server/static/js/jquery-1.11.1.min.js
  • /python/Host-Header-Authentication-Bypass/static/js/jquery-1.11.1.min.js
  • /python/File-upload/static/js/jquery-1.11.1.min.js
  • /python/CORS/static/js/jquery-1.11.1.min.js
  • /java/sqli-like/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/LFI-2/static/js/jquery-1.11.1.min.js
  • /python/SQLI/static/js/jquery-1.11.1.min.js
  • /python/DoS-regex/static/js/jquery-1.11.1.min.js
  • /python/NoSQL/static/js/jquery-1.11.1.min.js
  • /python/CMD4/static/js/jquery-1.11.1.min.js
  • /python/Content-type/static/js/jquery-1.11.1.min.js
  • /python/Threat-modeling/static/js/jquery-1.11.1.min.js
  • /java/racecondition-file-write/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/auth-bypass3/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/graphql-mutation/static/js/jquery-1.11.1.min.js
  • /java/auth-bypass-simple/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/dos-regex/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/SSTI/static/js/jquery-1.11.1.min.js
  • /python/account-provisioning-process/static/js/jquery-1.11.1.min.js
  • /python/graphql-dos-resource-exhaustion/static/js/jquery-1.11.1.min.js
  • /python/weak-lock-out-mechanism/static/js/jquery-1.11.1.min.js
  • /java/xss-dom/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/HTTP-desync-CLTE-backend-server/static/js/jquery-1.11.1.min.js
  • /java/graphql-mutation/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/sessionpuzzle/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/graphql-injections/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/credentials-guessing1/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/formula-injection/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/file-upload/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/url-redirection/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/lfi2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/info-leakeage-metadata/static/js/jquery-1.11.1.min.js
  • /java/parameter-binding/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/Auth-bypass-3/static/js/jquery-1.11.1.min.js
  • /python/Formula-injection/static/js/jquery-1.11.1.min.js
  • /java/cmd-blind/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/XXE/static/js/jquery-1.11.1.min.js
  • /python/client-side-restriction-bypass/static/js/jquery-1.11.1.min.js
  • /java/xss-stored/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/Auth-bypass/static/js/jquery-1.11.1.min.js
  • /java/ldap-injection-harder/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/graphql-info-introspection/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/Unreferenced-files/static/js/jquery-1.11.1.min.js
  • /python/Ldap-injection-harder/static/js/jquery-1.11.1.min.js
  • /python/Auth-bypass-1/static/js/jquery-1.11.1.min.js
  • /python/RaceCondition-file-write/static/js/jquery-1.11.1.min.js
  • /python/ratelimiting/static/js/jquery-1.11.1.min.js
  • /python/CSRF-weak/static/js/jquery-1.11.1.min.js
  • /java/cors/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/LFI-3/static/js/jquery-1.11.1.min.js
  • /java/des-java/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/jwt-secret/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/Session-Management-1/static/js/jquery-1.11.1.min.js
  • /python/DNS-rebinding/static/js/jquery-1.11.1.min.js
  • /python/SSRF/static/js/jquery-1.11.1.min.js
  • /python/XSS/static/js/jquery-1.11.1.min.js
  • /nodeJs/Graphql-DOS/static/js/jquery-1.11.1.min.js
  • /java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/Auth-bypass-simple/static/js/jquery-1.11.1.min.js
  • /python/CMD2/static/js/jquery-1.11.1.min.js
  • /python/CMD-Blind/static/js/jquery-1.11.1.min.js
  • /java/xss-dom2/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/client-side-restriction-bypass-2/static/js/jquery-1.11.1.min.js
  • /java/auth-bypass1/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/JWT-null/static/js/jquery-1.11.1.min.js
  • /python/SQLI-login-bypass/static/js/jquery-1.11.1.min.js
  • /java/ssti/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/credentials-guessing-1/static/js/jquery-1.11.1.min.js
  • /nodeJs/Graphql-IDOR/static/js/jquery-1.11.1.min.js
  • /python/IDOR/static/js/jquery-1.11.1.min.js
  • /java/csrf/src/main/resources/static/js/jquery-1.11.1.min.js
  • /java/jwt-null/src/main/resources/static/js/jquery-1.11.1.min.js
  • /python/http-response-splitting/static/js/jquery-1.11.1.min.js

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium | 6.9 | jquery-1.11.1.min.js | Direct | jquery - 3.5.0; jquery-rails - 4.4.0 | |
| CVE-2020-11022 | Medium | 6.9 | jquery-1.11.1.min.js | Direct | jQuery - 3.5.0 | |
| CVE-2019-11358 | Medium | 6.1 | jquery-1.11.1.min.js | Direct | jquery - 3.4.0 | |
| CVE-2015-9251 | Medium | 6.1 | jquery-1.11.1.min.js | Direct | jQuery - 3.0.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /c/32_bufferOverflow/index.html

Path to vulnerable library: the same lab copies of jquery-1.11.1.min.js as listed under "jquery-1.11.1.min.js: 4 vulnerabilities" above

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing `<option>` elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /c/32_bufferOverflow/index.html

Path to vulnerable library: the same lab copies of jquery-1.11.1.min.js as listed under "jquery-1.11.1.min.js: 4 vulnerabilities" above

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2019-11358

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /c/32_bufferOverflow/index.html

Path to vulnerable library: (identical multi-line list of lab paths omitted)

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-19

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

CVE-2015-9251

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /c/32_bufferOverflow/index.html

Path to vulnerable library: (identical multi-line list of lab paths omitted)

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

PyYAML-3.13.tar.gz: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: /python/DES-Pickle/requirements.txt

Path to vulnerable library: /python/DES-Pickle/requirements.txt,/python/DES-Yaml/requirements.txt

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (PyYAML version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-1747 | Critical | 9.8 | PyYAML-3.13.tar.gz | Direct | pyyaml - 5.3.1 | |
| CVE-2020-14343 | Critical | 9.8 | PyYAML-3.13.tar.gz | Direct | 5.4 | |
| CVE-2017-18342 | Critical | 9.8 | PyYAML-3.13.tar.gz | Direct | PyYAML - 5.1 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-1747

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: /python/DES-Pickle/requirements.txt

Path to vulnerable library: /python/DES-Pickle/requirements.txt,/python/DES-Yaml/requirements.txt

Dependency Hierarchy:

  • PyYAML-3.13.tar.gz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Publish Date: 2020-03-24

URL: CVE-2020-1747

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-6757-jp84-gxfx

Release Date: 2020-03-24

Fix Resolution: pyyaml - 5.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-14343

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: /python/DES-Pickle/requirements.txt

Path to vulnerable library: /python/DES-Pickle/requirements.txt,/python/DES-Yaml/requirements.txt

Dependency Hierarchy:

  • PyYAML-3.13.tar.gz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Publish Date: 2021-02-09

URL: CVE-2020-14343

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343

Release Date: 2021-02-09

Fix Resolution: 5.4

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2017-18342

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: /python/DES-Pickle/requirements.txt

Path to vulnerable library: /python/DES-Pickle/requirements.txt,/python/DES-Yaml/requirements.txt

Dependency Hierarchy:

  • PyYAML-3.13.tar.gz (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Publish Date: 2018-06-27

URL: CVE-2017-18342

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18342

Release Date: 2018-06-27

Fix Resolution: PyYAML - 5.1

⛑️ Automatic Remediation will be attempted for this issue.


⛑️Automatic Remediation will be attempted for this issue.

spring-boot-starter-web-2.2.0.RELEASE.jar: 48 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-web-2.2.0.RELEASE.jar

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-starter-web version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-1000027 | Critical | 9.8 | spring-web-5.2.0.RELEASE.jar | Transitive | 2.4.0 | |
| CVE-2024-22262 | High | 8.1 | spring-web-5.2.0.RELEASE.jar | Transitive | 3.0.0 | |
| CVE-2024-22259 | High | 8.1 | spring-web-5.2.0.RELEASE.jar | Transitive | 3.0.0 | |
| CVE-2024-22243 | High | 8.1 | spring-web-5.2.0.RELEASE.jar | Transitive | 3.0.0 | |
| CVE-2021-22118 | High | 7.8 | spring-web-5.2.0.RELEASE.jar | Transitive | 2.3.11.RELEASE | |
| CVE-2024-38816 | High | 7.5 | spring-webmvc-5.2.0.RELEASE.jar | Transitive | 3.2.10 | |
| CVE-2024-34750 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 3.0.0 | |
| CVE-2024-24549 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 3.0.0 | |
| CVE-2024-23672 | High | 7.5 | tomcat-embed-websocket-9.0.27.jar | Transitive | 3.0.0 | |
| CVE-2023-46589 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.7.18 | |
| CVE-2023-44487 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.7.17 | |
| CVE-2023-24998 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.5.15 | |
| CVE-2022-42252 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | N/A* | |
| CVE-2022-42004 | High | 7.5 | jackson-databind-2.10.0.jar | Transitive | 2.6.0 | |
| CVE-2022-42003 | High | 7.5 | jackson-databind-2.10.0.jar | Transitive | 2.6.0 | |
| CVE-2021-46877 | High | 7.5 | jackson-databind-2.10.0.jar | Transitive | 2.5.8 | |
| CVE-2021-41079 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.3.10.RELEASE | |
| CVE-2021-25122 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.3.9.RELEASE | |
| CVE-2020-5398 | High | 7.5 | spring-web-5.2.0.RELEASE.jar | Transitive | 2.2.3.RELEASE | |
| CVE-2020-36518 | High | 7.5 | jackson-databind-2.10.0.jar | Transitive | 2.5.15 | |
| CVE-2020-25649 | High | 7.5 | jackson-databind-2.10.0.jar | Transitive | 2.3.0.RELEASE | |
| CVE-2020-17527 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.12.RELEASE | |
| CVE-2020-13935 | High | 7.5 | tomcat-embed-websocket-9.0.27.jar | Transitive | 2.2.9.RELEASE | |
| CVE-2020-13934 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.9.RELEASE | |
| CVE-2020-11996 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.8.RELEASE | |
| CVE-2019-17563 | High | 7.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.3.RELEASE | |
| CVE-2021-25329 | High | 7.0 | tomcat-embed-core-9.0.27.jar | Transitive | 2.3.9.RELEASE | |
| CVE-2020-9484 | High | 7.0 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.8.RELEASE | |
| CVE-2019-12418 | High | 7.0 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.2.RELEASE | |
| CVE-2024-38809 | Medium | 6.5 | spring-web-5.2.0.RELEASE.jar | Transitive | 3.0.0 | |
| CVE-2021-30640 | Medium | 6.5 | tomcat-embed-core-9.0.27.jar | Transitive | 2.3.11.RELEASE | |
| CVE-2020-5421 | Medium | 6.5 | spring-web-5.2.0.RELEASE.jar | Transitive | 2.2.10.RELEASE | |
| CVE-2023-41080 | Medium | 6.1 | tomcat-embed-core-9.0.27.jar | Transitive | 2.7.16 | |
| CVE-2023-1932 | Medium | 6.1 | hibernate-validator-6.0.17.Final.jar | Transitive | 2.3.0.RELEASE | |
| CVE-2019-10219 | Medium | 6.1 | hibernate-validator-6.0.17.Final.jar | Transitive | 2.2.1.RELEASE | |
| CVE-2021-24122 | Medium | 5.9 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.12.RELEASE | |
| CVE-2024-21733 | Medium | 5.3 | tomcat-embed-core-9.0.27.jar | Transitive | 2.3.10.RELEASE | |
| CVE-2023-45648 | Medium | 5.3 | tomcat-embed-core-9.0.27.jar | Transitive | 2.7.17 | |
| CVE-2023-42795 | Medium | 5.3 | tomcat-embed-core-9.0.27.jar | Transitive | 2.7.17 | |
| CVE-2021-33037 | Medium | 5.3 | tomcat-embed-core-9.0.27.jar | Transitive | 2.4.8 | |
| CVE-2020-5397 | Medium | 5.3 | detected in multiple dependencies | Transitive | 2.2.3.RELEASE | |
| CVE-2020-10693 | Medium | 5.3 | hibernate-validator-6.0.17.Final.jar | Transitive | 2.2.8.RELEASE | |
| CVE-2020-1935 | Medium | 4.8 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.5.RELEASE | |
| CVE-2023-28708 | Medium | 4.3 | tomcat-embed-core-9.0.27.jar | Transitive | 2.5.15 | |
| CVE-2021-22096 | Medium | 4.3 | detected in multiple dependencies | Transitive | 2.4.0 | |
| CVE-2021-22060 | Medium | 4.3 | spring-web-5.2.0.RELEASE.jar | Transitive | 2.4.0 | |
| CVE-2020-13943 | Medium | 4.3 | tomcat-embed-core-9.0.27.jar | Transitive | 2.2.10.RELEASE | |
| CVE-2021-43980 | Low | 3.7 | tomcat-embed-core-9.0.27.jar | Transitive | 2.5.13 | |

*For some transitive vulnerabilities, there is no version of the direct dependency that carries a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

Partial details (20 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2016-1000027

Vulnerable Library - spring-web-5.2.0.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • spring-web-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution (org.springframework:spring-web): 5.2.23.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-22262

Vulnerable Library - spring-web-5.2.0.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • spring-web-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-04-16

URL: CVE-2024-22262

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22262

Release Date: 2024-04-16

Fix Resolution (org.springframework:spring-web): 5.3.34

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-22259

Vulnerable Library - spring-web-5.2.0.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • spring-web-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-03-16

URL: CVE-2024-22259

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22259

Release Date: 2024-03-16

Fix Resolution (org.springframework:spring-web): 5.3.33

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-22243

Vulnerable Library - spring-web-5.2.0.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • spring-web-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Publish Date: 2024-02-23

URL: CVE-2024-22243

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22243

Release Date: 2024-02-23

Fix Resolution (org.springframework:spring-web): 5.3.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-22118

Vulnerable Library - spring-web-5.2.0.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • spring-web-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Publish Date: 2021-05-27

URL: CVE-2021-22118

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22118

Release Date: 2021-05-27

Fix Resolution (org.springframework:spring-web): 5.2.15.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.3.11.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-38816

Vulnerable Library - spring-webmvc-5.2.0.RELEASE.jar

Spring Web MVC

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-webmvc-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  • the web application uses RouterFunctions to serve static resources
  • resource handling is explicitly configured with a FileSystemResource location

However, malicious requests are blocked and rejected when any of the following is true:

Publish Date: 2024-09-13

URL: CVE-2024-38816

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38816

Release Date: 2024-09-13

Fix Resolution (org.springframework:spring-webmvc): 6.1.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.10

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-34750

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.

Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

Publish Date: 2024-07-03

URL: CVE-2024-34750

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

Release Date: 2024-07-03

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.90

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-24549

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Publish Date: 2024-03-13

URL: CVE-2024-24549

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

Release Date: 2024-03-13

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.86

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-23672

Vulnerable Library - tomcat-embed-websocket-9.0.27.jar

Core Tomcat implementation

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-websocket-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Publish Date: 2024-03-13

URL: CVE-2024-23672

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2024-03-13

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-websocket): 9.0.86

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-46589

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Publish Date: 2023-11-28

URL: CVE-2023-46589

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-11.html

Release Date: 2023-11-28

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.83

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.7.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-44487

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Publish Date: 2023-10-10

URL: CVE-2023-44487

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44487

Release Date: 2023-10-10

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.81

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.7.17

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-24998

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Publish Date: 2023-02-20

URL: CVE-2023-24998

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-10.html

Release Date: 2023-02-20

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.71

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.5.15

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-42252

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

Publish Date: 2022-11-01

URL: CVE-2022-42252

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-p22x-g9px-3945

Release Date: 2022-11-01

Fix Resolution: org.apache.tomcat:tomcat:8.5.83,9.0.68,10.0.27,10.1.1

CVE-2022-42004

Vulnerable Library - jackson-databind-2.10.0.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • jackson-databind-2.10.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.7.1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.6.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-42003

Vulnerable Library - jackson-databind-2.10.0.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • jackson-databind-2.10.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Mend Note: For 2.13.4.x, the vulnerability is fixed in 2.13.4.1. A micro-patch was added in 2.13.4.2 to address issues for Gradle users.

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jjjh-jjxp-wpff

Release Date: 2022-10-02

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.7.1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.6.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-46877

Vulnerable Library - jackson-databind-2.10.0.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • jackson-databind-2.10.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

Publish Date: 2023-03-18

URL: CVE-2021-46877

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-46877

Release Date: 2023-03-18

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.6

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.5.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-41079

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Publish Date: 2021-09-16

URL: CVE-2021-41079

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-10.html

Release Date: 2021-09-16

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.44

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.3.10.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-25122

Vulnerable Library - tomcat-embed-core-9.0.27.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-tomcat-2.2.0.RELEASE.jar
      • tomcat-embed-core-9.0.27.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

Publish Date: 2021-03-01

URL: CVE-2021-25122

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E

Release Date: 2021-03-01

Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.43

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.3.9.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5398

Vulnerable Library - spring-web-5.2.0.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /java/des-yaml/pom.xml

Path to vulnerable library: /java/des-yaml/pom.xml,/java/ssti/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • spring-web-5.2.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Publish Date: 2020-01-16

URL: CVE-2020-5398

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2020-5398

Release Date: 2020-01-16

Fix Resolution (org.springframework:spring-web): 5.2.3.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.2.3.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.
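The reflected file download (RFD) attack behind CVE-2020-5398 works because the user can steer the filename of a download served from the trusted domain: if a name such as `setup.bat`, or one carrying quotes and extra parameters, reaches the Content-Disposition header unchecked, the browser saves attacker-shaped content under an executable-looking name on a trusted origin. The following is an added illustration, not Spring's own fix and not skf-labs code: a raw, vulnerable header builder beside a hardened one. The extension allowlist, the 100-character cap and the `download.bin` fallback are assumptions chosen for the example.

```javascript
"use strict";

// Added example, not code from Spring or skf-labs.

// Vulnerable form: the user-controlled name is dropped straight into the
// header.  The caller decides nothing about extension, quoting or
// separators, so `x"; filename=evil.bat` rewrites the header and
// `setup.bat` picks the extension the browser will act on.
function contentDispositionUnsafe(userName) {
  return `attachment; filename=${userName}`;
}

// Assumed allowlist for the example: only extensions the application is
// known to hand out.  Executable/script extensions are absent by design.
const ALLOWED_EXTENSIONS = new Set(["pdf", "csv", "txt", "png"]);
const MAX_NAME_LENGTH = 100; // assumed cap

// Reduces a user-supplied name to something safe to place in the header,
// or returns the fixed fallback when it cannot.
function safeFilename(userName, fallback = "download.bin") {
  // 1. Keep only the final path component (drops ../ and C:\ prefixes).
  let name = String(userName).split(/[\\/]/).pop() || "";
  // 2. Replace anything outside a conservative charset: this removes quotes,
  //    semicolons, CR/LF and other characters that could close the quoted
  //    string or inject further header parameters.
  name = name.replace(/[^A-Za-z0-9._-]/g, "_");
  // 3. Strip leading dots so the name cannot become a dot-file.
  name = name.replace(/^\.+/, "");
  // 4. Require an allowlisted extension; this is where .bat/.cmd/.exe stop.
  const dot = name.lastIndexOf(".");
  const ext = dot >= 0 ? name.slice(dot + 1).toLowerCase() : "";
  if (!name || dot <= 0 || !ALLOWED_EXTENSIONS.has(ext) || name.length > MAX_NAME_LENGTH) {
    return fallback;
  }
  return name;
}

// Hardened header: sanitised name, quoted, with quotes and backslashes
// escaped as defence in depth even though the charset above excludes them.
function contentDispositionSafe(userName) {
  const quoted = safeFilename(userName).replace(/["\\]/g, "\\$&");
  return `attachment; filename="${quoted}"`;
}

// Headers that belong together on a download response: a fixed content type
// and nosniff, so the browser does not reinterpret the body.
function downloadHeaders(userName) {
  return {
    "Content-Disposition": contentDispositionSafe(userName),
    "Content-Type": "application/octet-stream",
    "X-Content-Type-Options": "nosniff",
  };
}
```

The allowlist is stricter than escaping alone: escaping keeps the header well-formed, but only refusing unexpected extensions removes the payoff of the attack, which is the file type the victim's OS will execute.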

CVE-2020-36518

Vulnerable Library - jackson-databind-2.10.0.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /java/ssti/pom.xml

Path to vulnerable library: /java/ssti/pom.xml,/java/des-yaml/pom.xml

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.0.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.0.RELEASE.jar
      • jackson-databind-2.10.0.jar (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Publish Date: 2022-03-11

URL: CVE-2020-36518

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-03-11

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.6.1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.5.15

⛑️ Automatic Remediation will be attempted for this issue.
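CVE-2020-36518 is a resource-exhaustion bug of a general shape: a recursive parser with no depth limit is fed input nested deeper than the call stack can hold. The block below is an added example, not code from the Mend report, Jackson or skf-labs; it shows the guard a practitioner applies in front of any JSON parser that lacks its own limit: measure the nesting depth of the raw text in linear time and constant stack, then refuse over-deep input before parsing. The depth limit of 1000 and the function names are assumptions for the illustration.

```javascript
"use strict";

// Added example, not code from the Mend report, Jackson or skf-labs.
// The limit is an assumed value for this illustration.
const MAX_NESTING_DEPTH = 1000;

// Walks the raw JSON text once and returns the deepest [ / { nesting it
// contains.  O(n) time, constant stack, so it is safe to run on untrusted
// input before any recursive parser sees it.  Brackets inside string
// literals are skipped.
function jsonNestingDepth(text) {
  let depth = 0;
  let maxDepth = 0;
  let inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      if (ch === "\\") { i++; continue; } // skip the escaped character
      if (ch === '"') inString = false;
      continue;
    }
    if (ch === '"') {
      inString = true;
    } else if (ch === "[" || ch === "{") {
      depth++;
      if (depth > maxDepth) maxDepth = depth;
    } else if (ch === "]" || ch === "}") {
      depth--;
    }
  }
  return maxDepth;
}

// Parses untrusted JSON only after the depth check passes; over-deep input
// is rejected with a RangeError instead of reaching the parser.
function parseWithDepthLimit(text, maxDepth = MAX_NESTING_DEPTH) {
  const depth = jsonNestingDepth(text);
  if (depth > maxDepth) {
    throw new RangeError(`JSON nesting depth ${depth} exceeds limit ${maxDepth}`);
  }
  return JSON.parse(text);
}

// Constructed payload of the shape the advisory describes: n nested arrays.
function deeplyNestedPayload(n) {
  return "[".repeat(n) + "]".repeat(n);
}

// Runs the guard against a benign document and a 100000-deep payload and
// reports the outcome, so a caller or test can check both paths.
function demoDepthLimit() {
  const benign = parseWithDepthLimit('{"user":"alice","roles":["admin",{"scope":"read"}]}');
  let rejected = false;
  try {
    parseWithDepthLimit(deeplyNestedPayload(100000));
  } catch (err) {
    rejected = err instanceof RangeError;
  }
  return { benignRoles: benign.roles.length, deepRejected: rejected };
}
```

The pre-scan is what makes the guard safe: counting depth by parsing first would itself recurse on the attacker's input. Jackson 2.15 and later expose an equivalent limit natively through StreamReadConstraints (maxNestingDepth); on the 2.12.x/2.13.x fix releases named above the limit is built in.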



jquery-rails-4.3.3.gem: 1 vulnerability (highest severity is: 6.9)

Vulnerable Library - jquery-rails-4.3.3.gem

This gem provides jQuery and the jQuery-ujs driver for your Rails 4+ application.

Library home page: https://rubygems.org/gems/jquery-rails-4.3.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/jquery-rails-4.3.3.gem

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jquery-rails version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-11023 | Medium | 6.9 | jquery-rails-4.3.3.gem | Direct | jquery - 3.5.0; jquery-rails - 4.4.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-rails-4.3.3.gem

This gem provides jQuery and the jQuery-ujs driver for your Rails 4+ application.

Library home page: https://rubygems.org/gems/jquery-rails-4.3.3.gem

Path to dependency file: /ruby/parameter-binding/Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/jquery-rails-4.3.3.gem

Dependency Hierarchy:

  • jquery-rails-4.3.3.gem (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

⛑️ Automatic Remediation will be attempted for this issue.



angular-1.5.0.js: 7 vulnerabilities (highest severity is: 8.6)

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (angular version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| WS-2017-0113 | High | 8.6 | angular-1.5.0.js | Direct | angular - 1.6.0 | |
| CVE-2019-10768 | High | 7.5 | angular-1.5.0.js | Direct | angularjs - 1.7.9 | |
| CVE-2020-7676 | Medium | 5.4 | angular-1.5.0.js | Direct | 1.8.0 | |
| CVE-2023-26118 | Medium | 5.3 | angular-1.5.0.js | Direct | N/A | |
| CVE-2023-26117 | Medium | 5.3 | angular-1.5.0.js | Direct | N/A | |
| CVE-2023-26116 | Medium | 5.3 | angular-1.5.0.js | Direct | N/A | |
| CVE-2022-25869 | Medium | 4.2 | angular-1.5.0.js | Direct | N/A | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2017-0113

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

angular.js is vulnerable to XSS. This happens since an attacker can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.

Publish Date: 2016-11-02

URL: WS-2017-0113

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2016-11-02

Fix Resolution: angular - 1.6.0

CVE-2019-10768

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Mend Note: After conducting further research, Mend has determined that versions 1.4.0-beta.6 before 1.7.9 of angular are vulnerable to CVE-2019-10768. Converted from WS-2019-0367, on 2021-07-21.

Publish Date: 2019-11-19

URL: CVE-2019-10768

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-11-19

Fix Resolution: angularjs - 1.7.9
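The merge() bug in CVE-2019-10768 is prototype pollution: a recursive merge that walks into a source key named `__proto__` reads `target["__proto__"]`, which is `Object.prototype`, and then writes the attacker's keys onto it, so every object in the page inherits them. The block below is an added example, not AngularJS's own merge() and not skf-labs code: a naive merge with exactly that flaw beside a hardened one that skips the dangerous keys and never follows inherited properties. The payload is constructed from a JSON string the way an attacker-controlled request body would arrive; function names are assumptions for the illustration.

```javascript
"use strict";

// Added example, not AngularJS's merge() and not skf-labs code.

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable: recurses into every enumerable key of the source, including
// an own "__proto__" key that JSON.parse creates as a plain data property.
// target["__proto__"] resolves to Object.prototype, so the nested call
// writes the attacker's keys onto the prototype shared by all objects.
function mergeUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that reach the prototype chain through either a literal __proto__ or
// a constructor.prototype path; a merge must never descend into them.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened: own keys only, forbidden keys skipped, and the recursion target
// is always an own property of `target`, never one found on its prototype.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against the same constructed payload and reports whether
// a fresh {} inherited the injected key afterwards.  The pollution is undone
// before returning so the process is not left in a tampered state.
function runPollutionDemo() {
  const payload = JSON.parse('{"__proto__": {"polluted": true}, "name": "ok"}');

  const safeTarget = mergeSafe({}, payload);
  const pollutedAfterSafe = ({}).polluted === true;

  const unsafeTarget = mergeUnsafe({}, payload);
  const pollutedAfterUnsafe = ({}).polluted === true;

  delete Object.prototype.polluted;
  return {
    pollutedAfterSafe,
    pollutedAfterUnsafe,
    safeName: safeTarget.name,
    unsafeName: unsafeTarget.name,
  };
}
```

Both merges copy the harmless `name` key; only the unsafe one leaks `polluted` into every object created afterwards, which is how a gadget elsewhere in the application (a template, a config lookup, a `isAdmin` check) ends up reading attacker-controlled values.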

CVE-2020-7676

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

Publish Date: 2020-06-08

URL: CVE-2020-7676

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676

Release Date: 2020-06-08

Fix Resolution: 1.8.0

CVE-2023-26118

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Publish Date: 2023-03-30

URL: CVE-2023-26118

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2023-26117

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Publish Date: 2023-03-30

URL: CVE-2023-26117

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2023-26116

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Publish Date: 2023-03-30

URL: CVE-2023-26116

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.
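CVE-2023-26118, CVE-2023-26117 and CVE-2023-26116 share one root cause: a hand-written regular expression with nested or overlapping quantifiers that backtracks catastrophically on a long, carefully shaped input, and no cap on how much input it is handed. None of them has a fixed angular release in the table above, so the practical mitigation is on the application side. The block below is an added example, not AngularJS code and not skf-labs code: it replaces regex-based URL validation (the input[url] case) with a length cap followed by the WHATWG URL parser that Node and browsers provide as the global `URL` class, which runs in linear time and cannot backtrack. The length cap and scheme allowlist are assumptions chosen for the illustration.

```javascript
"use strict";

// Added example, not AngularJS code and not skf-labs code.
const MAX_URL_LENGTH = 2048;                       // assumed cap for the example
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed allowlist

// Validates a URL without a hand-written regular expression.  The length
// check bounds the work before anything else runs, and the WHATWG URL
// parser does the syntax check in linear time, so a "large
// carefully-crafted input" gets a quick rejection instead of a CPU-bound
// thread.  Scheme and host are then checked explicitly.
function isValidHttpUrl(input) {
  if (typeof input !== "string" || input.length > MAX_URL_LENGTH) return false;
  let url;
  try {
    url = new URL(input);
  } catch {
    return false; // not parseable as an absolute URL
  }
  return ALLOWED_SCHEMES.has(url.protocol) && url.hostname !== "";
}

// Generic guard for any regex that must stay in place: refuse to run it at
// all on input longer than the caller's budget.  Backtracking cost grows
// with input length, so this caps the worst case instead of hoping the
// pattern is safe.
function testWithinLength(regex, input, maxLength) {
  if (typeof input !== "string" || input.length > maxLength) return false;
  return regex.test(input);
}

// Constructed inputs of the kind the advisories describe: valid-looking
// prefixes followed by a long run that defeats a backtracking pattern.
function sampleInputs() {
  return {
    good: "https://example.com/path?q=1",
    scheme: "javascript:alert(1)",
    garbage: "not a url",
    long: "http://" + "a".repeat(5000) + ".example",
  };
}
```

The two functions cover the two situations a maintainer meets: where the validation can be re-expressed with a real parser, do that; where a regex is unavoidable, put a hard length limit in front of it and keep the limit small relative to the pattern's worst case.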

CVE-2022-25869

Vulnerable Library - angular-1.5.0.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.0/angular.js

Path to dependency file: /java/csti/src/main/resources/templates/index.html

Path to vulnerable library: /java/csti/src/main/resources/templates/index.html,/python/CSTI/templates/index.html

Dependency Hierarchy:

  • angular-1.5.0.js (Vulnerable Library)

Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab

Found in base branch: master

Vulnerability Details

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Publish Date: 2022-07-15

URL: CVE-2022-25869

CVSS 3 Score Details (4.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.
