---
hide:
- toc
---
# Security Overview
## Helm-Chart
##### Scan Results
#### Chart Object: overseerr/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Expand...
A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.allowPrivilegeEscalation' to false Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should add 'ALL' to 'securityContext.capabilities.drop' Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should add 'ALL' to 'securityContext.capabilities.drop' Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
Expand...
Enforcing CPU limits prevents DoS via resource exhaustion.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.limits.cpu' Expand...
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsNonRoot' to true Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsNonRoot' to true Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.readOnlyRootFilesystem' to true Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.readOnlyRootFilesystem' to true Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.readOnlyRootFilesystem' to true Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Expand...
When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.requests.cpu' Expand...
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
Expand...
When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.requests.memory' Expand...
https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016
Expand...
Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.privileged' to false Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
Expand...
Enforcing memory limits prevents DoS via resource exhaustion.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.limits.memory' Expand...
https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018
Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsUser' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsUser' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsUser' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Expand...
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.
Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsGroup' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Expand...
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.
Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsGroup' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Expand...
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.
Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsGroup' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Expand...
HostPath volumes must be forbidden.
Deployment 'RELEASE-NAME-overseerr' should not set 'spec.template.volumes.hostPath' Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
Expand...
Containers should be forbidden from running with a root primary or supplementary GID.
Deployment 'RELEASE-NAME-overseerr' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0 Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
Expand...
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
Expand...
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
Expand...
https://access.redhat.com/security/cve/CVE-2022-0778
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9258.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
Expand...
https://access.redhat.com/security/cve/CVE-2022-0778
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9258.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
Expand...
https://access.redhat.com/security/cve/CVE-2022-0778
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9258.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
Expand...
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
Expand...
https://access.redhat.com/security/cve/CVE-2021-3807
https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://github.com/chalk/ansi-regex/releases/tag/v6.0.1
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
Expand...
https://access.redhat.com/security/cve/CVE-2021-3807
https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://github.com/chalk/ansi-regex/releases/tag/v6.0.1
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
Expand...
https://access.redhat.com/security/cve/CVE-2021-3807
https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://github.com/chalk/ansi-regex/releases/tag/v6.0.1
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
Expand...
https://access.redhat.com/security/cve/CVE-2021-29060
https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
https://github.com/Qix-/color-string/releases/tag/1.5.5
https://github.com/advisories/GHSA-257v-vj4p-3w2h
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
https://github.com/yetingli/SaveResults/blob/main/js/color-string.js
https://nvd.nist.gov/vuln/detail/CVE-2021-29060
https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939
https://www.npmjs.com/package/color-string
Expand...
https://github.com/advisories/GHSA-r9p9-mrjm-926w
https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
https://github.com/indutny/elliptic/pull/244/commits
https://nvd.nist.gov/vuln/detail/CVE-2020-28498
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836
https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899
https://www.npmjs.com/package/elliptic
Expand...
https://access.redhat.com/security/cve/CVE-2022-0155
https://github.com/advisories/GHSA-74fj-2j2h-c42q
https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
https://nvd.nist.gov/vuln/detail/CVE-2022-0155
Expand...
https://access.redhat.com/security/cve/CVE-2022-0536
https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445
https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db
https://nvd.nist.gov/vuln/detail/CVE-2022-0536
Expand...
https://access.redhat.com/security/cve/CVE-2020-28469
https://github.com/advisories/GHSA-ww39-953v-wcq6
https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
https://github.com/gulpjs/glob-parent/pull/36
https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
https://linux.oracle.com/cve/CVE-2020-28469.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2020-28469
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
https://www.oracle.com/security-alerts/cpujan2022.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-3918
https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://linux.oracle.com/cve/CVE-2021-3918.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
Expand...
https://access.redhat.com/security/cve/CVE-2021-23337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
https://github.com/advisories/GHSA-35jh-r3h4-6jhm
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
https://nvd.nist.gov/vuln/detail/CVE-2021-23337
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2020-28500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
https://github.com/advisories/GHSA-29mw-wpgm-hmr9
https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
https://github.com/lodash/lodash/pull/5065
https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
https://nvd.nist.gov/vuln/detail/CVE-2020-28500
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-44906
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/substack/minimist/blob/master/index.js#L69
https://github.com/substack/minimist/issues/164
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
Expand...
https://access.redhat.com/security/cve/CVE-2021-23566
https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
https://github.com/ai/nanoid/pull/328
https://nvd.nist.gov/vuln/detail/CVE-2021-23566
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Expand...
https://github.com/advisories/GHSA-25mp-g6fv-mqxx
https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264
https://github.com/vercel/next.js/pull/32080
https://github.com/vercel/next.js/releases/tag/v11.1.3
https://github.com/vercel/next.js/releases/v12.0.5
https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx
https://nvd.nist.gov/vuln/detail/CVE-2021-43803
Expand...
https://github.com/advisories/GHSA-fmvm-x8mv-47mj
https://github.com/vercel/next.js/pull/34075
https://github.com/vercel/next.js/releases/tag/v12.1.0
https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj
https://nvd.nist.gov/vuln/detail/CVE-2022-23646
Expand...
https://access.redhat.com/security/cve/CVE-2022-0235
https://github.com/advisories/GHSA-r683-j2x4-v87g
https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
https://github.com/node-fetch/node-fetch/pull/1453
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
https://nvd.nist.gov/vuln/detail/CVE-2022-0235
Expand...
https://access.redhat.com/security/cve/CVE-2021-3803
https://github.com/advisories/GHSA-rp65-9cf3-cjxr
https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803
Expand...
https://access.redhat.com/security/cve/CVE-2021-23343
https://github.com/advisories/GHSA-hj48-42vr-x3v9
https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7
https://github.com/jbgutierrez/path-parse/issues/8
https://github.com/jbgutierrez/path-parse/pull/10
https://linux.oracle.com/cve/CVE-2021-23343.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-23343
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
Expand...
https://github.com/advisories/GHSA-6c9x-mj3g-h47x
https://nvd.nist.gov/vuln/detail/CVE-2021-46708
https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884
https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3
Expand...
https://github.com/advisories/GHSA-qrmm-w75w-3wpx
https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76
https://github.com/swagger-api/swagger-ui/issues/4872
https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
Expand...
https://access.redhat.com/security/cve/CVE-2021-32803
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-r628-mhmh-qjhw
https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
https://linux.oracle.com/cve/CVE-2021-32803.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32803
https://www.npmjs.com/advisories/1771
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-32804
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-3jfq-g458-7qm9
https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
https://linux.oracle.com/cve/CVE-2021-32804.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32804
https://www.npmjs.com/advisories/1770
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-37701
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://linux.oracle.com/cve/CVE-2021-37701.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-37712
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://linux.oracle.com/cve/CVE-2021-37712.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-37713
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-32803
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-r628-mhmh-qjhw
https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
https://linux.oracle.com/cve/CVE-2021-32803.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32803
https://www.npmjs.com/advisories/1771
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-32804
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-3jfq-g458-7qm9
https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
https://linux.oracle.com/cve/CVE-2021-32804.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32804
https://www.npmjs.com/advisories/1770
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-37701
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://linux.oracle.com/cve/CVE-2021-37701.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-37712
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://linux.oracle.com/cve/CVE-2021-37712.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/security/cve/CVE-2021-37713
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html