--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: dillinger/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-dillinger' of Deployment 'RELEASE-NAME-dillinger' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'RELEASE-NAME-dillinger' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-dillinger' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-dillinger' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-dillinger' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-dillinger' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/dillinger:v3.39.1 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | curl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27775 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27775 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://ubuntu.com/security/notices/USN-5359-2
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| #### Container: Node.js **node-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | acorn | GHSA-6chw-6frg-f759 | HIGH | 5.7.3 | 5.7.4, 7.1.1, 6.4.1 |
Expand...https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
https://github.com/acornjs/acorn/issues/929
https://github.com/advisories/GHSA-6chw-6frg-f759
https://snyk.io/vuln/SNYK-JS-ACORN-559469
https://www.npmjs.com/advisories/1488
| | acorn | GHSA-6chw-6frg-f759 | HIGH | 7.1.0 | 5.7.4, 7.1.1, 6.4.1 |
Expand...https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
https://github.com/acornjs/acorn/issues/929
https://github.com/advisories/GHSA-6chw-6frg-f759
https://snyk.io/vuln/SNYK-JS-ACORN-559469
https://www.npmjs.com/advisories/1488
| | ajv | CVE-2020-15366 | MEDIUM | 6.10.2 | 6.12.3 |
Expand...https://access.redhat.com/security/cve/CVE-2020-15366
https://errata.almalinux.org/8/ALSA-2021-0551.html
https://github.com/advisories/GHSA-v88g-cgmw-v5xw
https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f
https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
https://github.com/ajv-validator/ajv/tags
https://hackerone.com/bugs?subject=user&report_id=894259
https://linux.oracle.com/cve/CVE-2020-15366.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-15366
https://snyk.io/vuln/SNYK-JS-AJV-584908
| | angular | CVE-2020-7676 | MEDIUM | 1.7.9 | 1.8.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676
https://github.com/advisories/GHSA-mhp6-pxh8-r675
https://github.com/angular/angular.js/pull/17028
https://github.com/angular/angular.js/pull/17028,
https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-7676
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
| | angular | CVE-2022-25844 | MEDIUM | 1.7.9 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-25844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844
https://github.com/advisories/GHSA-m2h2-264f-f486
https://nvd.nist.gov/vuln/detail/CVE-2022-25844
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737
https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
https://stackblitz.com/edit/angularjs-material-blank-zvtdvb
| | angular | GHSA-5cp4-xmrw-59wf | MEDIUM | 1.7.9 | 1.8.0 |
Expand...https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/advisories/GHSA-5cp4-xmrw-59wf
https://github.com/advisories/GHSA-mhp6-pxh8-r675
https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3807
https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://github.com/chalk/ansi-regex/releases/tag/v6.0.1
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
https://www.oracle.com/security-alerts/cpuapr2022.html
| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3807
https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://github.com/chalk/ansi-regex/releases/tag/v6.0.1
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
https://www.oracle.com/security-alerts/cpuapr2022.html
| | async | CVE-2021-43138 | HIGH | 2.6.3 | 2.6.4, 3.2.2 |
Expand...https://github.com/advisories/GHSA-fwr7-v2mv-hh25
https://github.com/caolan/async/blob/master/lib/internal/iterator.js
https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js
https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264
https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2
https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d
https://github.com/caolan/async/compare/v2.6.3...v2.6.4
https://github.com/caolan/async/pull/1828
https://jsfiddle.net/oz5twjd9/
https://nvd.nist.gov/vuln/detail/CVE-2021-43138
| | base64url | NSWG-ECO-428 | HIGH | 0.0.6 | >=3.0.0 |
Expand...https://github.com/brianloveswords/base64url/pull/25
https://hackerone.com/reports/321687
| | base64url | GHSA-rvg8-pwq2-xj7q | MEDIUM | 0.0.6 | 3.0.0 |
Expand...https://github.com/advisories/GHSA-rvg8-pwq2-xj7q
https://github.com/brianloveswords/base64url/pull/25
https://hackerone.com/reports/321687
https://www.npmjs.com/advisories/658
| | base64url | NSWG-ECO-428 | HIGH | 1.0.6 | >=3.0.0 |
Expand...https://github.com/brianloveswords/base64url/pull/25
https://hackerone.com/reports/321687
| | base64url | GHSA-rvg8-pwq2-xj7q | MEDIUM | 1.0.6 | 3.0.0 |
Expand...https://github.com/advisories/GHSA-rvg8-pwq2-xj7q
https://github.com/brianloveswords/base64url/pull/25
https://hackerone.com/reports/321687
https://www.npmjs.com/advisories/658
| | bl | CVE-2020-8244 | MEDIUM | 1.0.3 | 2.2.1, 1.2.3, 4.0.3, 3.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244
https://github.com/advisories/GHSA-pp7h-53gx-mx7r
https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e
https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466
https://hackerone.com/reports/966347
https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8244
https://ubuntu.com/security/notices/USN-5098-1
| | bl | CVE-2020-8244 | MEDIUM | 1.1.2 | 2.2.1, 1.2.3, 4.0.3, 3.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244
https://github.com/advisories/GHSA-pp7h-53gx-mx7r
https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e
https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466
https://hackerone.com/reports/966347
https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8244
https://ubuntu.com/security/notices/USN-5098-1
| | braces | CVE-2018-1109 | LOW | 1.8.5 | 2.3.1 |
Expand...https://access.redhat.com/security/cve/CVE-2018-1109
https://bugzilla.redhat.com/show_bug.cgi?id=1547272
https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
https://nvd.nist.gov/vuln/detail/CVE-2018-1109
https://snyk.io/vuln/npm:braces:20180219
| | braces | GHSA-g95f-p29q-9xw4 | LOW | 1.8.5 | 2.3.1 |
Expand...https://github.com/advisories/GHSA-g95f-p29q-9xw4
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
https://snyk.io/vuln/npm:braces:20180219
https://www.npmjs.com/advisories/786
| | deep-extend | CVE-2018-3750 | CRITICAL | 0.2.11 | 0.5.1 |
Expand...https://access.redhat.com/security/cve/CVE-2018-3750
https://errata.almalinux.org/8/ALSA-2021-0549.html
https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.2.11 | >=0.5.1 |
Expand...https://hackerone.com/reports/311333
| | ejs | CVE-2022-29078 | CRITICAL | 2.7.2 | 3.1.7 |
Expand...https://access.redhat.com/security/cve/CVE-2022-29078
https://eslam.io/posts/ejs-server-side-template-injection-rce/
https://github.com/advisories/GHSA-phwq-j96m-2c2q
https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf
https://github.com/mde/ejs/releases
https://nvd.nist.gov/vuln/detail/CVE-2022-29078
| | glob-parent | CVE-2020-28469 | HIGH | 2.0.0 | 5.1.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-28469
https://github.com/advisories/GHSA-ww39-953v-wcq6
https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
https://github.com/gulpjs/glob-parent/pull/36
https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
https://linux.oracle.com/cve/CVE-2020-28469.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2020-28469
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
https://www.oracle.com/security-alerts/cpujan2022.html
| | glob-parent | CVE-2020-28469 | HIGH | 5.1.0 | 5.1.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-28469
https://github.com/advisories/GHSA-ww39-953v-wcq6
https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
https://github.com/gulpjs/glob-parent/pull/36
https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
https://linux.oracle.com/cve/CVE-2020-28469.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2020-28469
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
https://www.oracle.com/security-alerts/cpujan2022.html
| | googleapis | GHSA-7543-mr7h-6v86 | HIGH | 2.1.7 | 39.1.0 |
Expand...https://github.com/advisories/GHSA-7543-mr7h-6v86
https://github.com/googleapis/google-api-nodejs-client/issues/1594
https://www.npmjs.com/advisories/791
| | hawk | CVE-2022-29167 | HIGH | 3.1.3 | 9.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-29167
https://github.com/advisories/GHSA-44pw-h2cw-w3vq
https://github.com/mozilla/hawk/pull/286
https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq
https://nvd.nist.gov/vuln/detail/CVE-2022-29167
| | highlight.js | CVE-2020-26237 | LOW | 8.9.1 | 10.1.2, 9.18.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-26237
https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
https://github.com/highlightjs/highlight.js/pull/2636
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html
https://nvd.nist.gov/vuln/detail/CVE-2020-26237
https://www.npmjs.com/package/highlight.js
| | highlight.js | GHSA-7wwv-vh3v-89cq | MEDIUM | 9.18.0 | 10.4.1 |
Expand...https://github.com/advisories/GHSA-7wwv-vh3v-89cq
https://github.com/highlightjs/highlight.js/commit/373b9d862401162e832ce77305e49b859e110f9c
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-7wwv-vh3v-89cq
https://www.npmjs.com/package/@highlightjs/cdn-assets
https://www.npmjs.com/package/highlight.js
| | highlight.js | CVE-2020-26237 | LOW | 9.18.0 | 10.1.2, 9.18.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-26237
https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
https://github.com/highlightjs/highlight.js/pull/2636
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html
https://nvd.nist.gov/vuln/detail/CVE-2020-26237
https://www.npmjs.com/package/highlight.js
| | hoek | CVE-2018-3728 | LOW | 2.16.3 | >=5.0.3 >=4.2.1 |
Expand...http://www.securityfocus.com/bid/103108
https://access.redhat.com/errata/RHSA-2018:1263
https://access.redhat.com/errata/RHSA-2018:1264
https://access.redhat.com/security/cve/CVE-2018-3728
https://github.com/advisories/GHSA-jp4x-w63m-7wgm
https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee
https://hackerone.com/reports/310439
https://nodesecurity.io/advisories/566
https://nvd.nist.gov/vuln/detail/CVE-2018-3728
https://snyk.io/vuln/npm:hoek:20180212
https://www.npmjs.com/advisories/566
| | hosted-git-info | CVE-2021-23362 | MEDIUM | 2.8.5 | 2.8.9, 3.0.8 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23362
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-3074.html
https://github.com/advisories/GHSA-43f8-2h32-f4cj
https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://github.com/npm/hosted-git-info/commits/v2
https://github.com/npm/hosted-git-info/pull/76
https://linux.oracle.com/cve/CVE-2021-23362.html
https://linux.oracle.com/errata/ELSA-2021-3074.html
https://nvd.nist.gov/vuln/detail/CVE-2021-23362
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
| | ini | CVE-2020-7788 | HIGH | 1.1.0 | 1.3.6 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
https://github.com/advisories/GHSA-qqgx-2p2h-9c37
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
https://linux.oracle.com/cve/CVE-2020-7788.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7788
https://snyk.io/vuln/SNYK-JS-INI-1048974
https://www.npmjs.com/advisories/1589
| | jquery | CVE-2020-11022 | MEDIUM | 3.4.1 | 3.5.0 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
https://access.redhat.com/security/cve/CVE-2020-11022
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
https://github.com/jquery/jquery/releases/tag/3.5.0
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://jquery.com/upgrade-guide/3.5/
https://linux.oracle.com/cve/CVE-2020-11022.html
https://linux.oracle.com/errata/ELSA-2022-9177.html
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.npmjs.com/advisories/1518
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-10
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
| | jquery | CVE-2020-11023 | MEDIUM | 3.4.1 | 3.5.0 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://access.redhat.com/security/cve/CVE-2020-11023
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/jquery/jquery/releases/tag/3.5.0
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
https://jquery.com/upgrade-guide/3.5/
https://linux.oracle.com/cve/CVE-2020-11023.html
https://linux.oracle.com/errata/ELSA-2022-9177.html
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3918
https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://linux.oracle.com/cve/CVE-2021-3918.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| | jsonpointer | CVE-2021-23807 | MEDIUM | 4.0.1 | 5.0.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23807
https://github.com/advisories/GHSA-282f-qqgm-c34q
https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
https://github.com/janl/node-jsonpointer/pull/51
https://nvd.nist.gov/vuln/detail/CVE-2021-23807
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288
| | kind-of | CVE-2019-20149 | HIGH | 6.0.2 | 6.0.3 |
Expand...https://access.redhat.com/security/cve/CVE-2019-20149
https://github.com/advisories/GHSA-6c8f-qphg-qjgp
https://github.com/jonschlinkert/kind-of/commit/1df992ce6d5a1292048e5fe9c52c5382f941ee0b
https://github.com/jonschlinkert/kind-of/issues/30
https://github.com/jonschlinkert/kind-of/pull/31
https://nvd.nist.gov/vuln/detail/CVE-2019-20149
https://snyk.io/vuln/SNYK-JS-KINDOF-537849
https://www.npmjs.com/advisories/1490
| | lodash | CVE-2019-10744 | CRITICAL | 3.10.1 | 4.17.12 |
Expand...https://access.redhat.com/errata/RHSA-2019:3024
https://access.redhat.com/security/cve/CVE-2019-10744
https://github.com/advisories/GHSA-jf85-cpcp-j695
https://github.com/lodash/lodash/pull/4336
https://nvd.nist.gov/vuln/detail/CVE-2019-10744
https://security.netapp.com/advisory/ntap-20191004-0005/
https://snyk.io/vuln/SNYK-JS-LODASH-450202
https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
https://www.npmjs.com/advisories/1065
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| | lodash | CVE-2018-16487 | HIGH | 3.10.1 | >=4.17.11 |
Expand...https://access.redhat.com/security/cve/CVE-2018-16487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487
https://github.com/advisories/GHSA-4xc9-xhrj-v574
https://hackerone.com/reports/380873
https://nvd.nist.gov/vuln/detail/CVE-2018-16487
https://security.netapp.com/advisory/ntap-20190919-0004/
https://www.npmjs.com/advisories/782
| | lodash | CVE-2020-8203 | HIGH | 3.10.1 | 4.17.20 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8203
https://github.com/advisories/GHSA-p6mc-m468-83gw
https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
https://github.com/lodash/lodash/issues/4744
https://github.com/lodash/lodash/issues/4874
https://hackerone.com/reports/712065
https://nvd.nist.gov/vuln/detail/CVE-2020-8203
https://security.netapp.com/advisory/ntap-20200724-0006/
https://www.npmjs.com/advisories/1523
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | CVE-2021-23337 | HIGH | 3.10.1 | 4.17.21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
https://github.com/advisories/GHSA-35jh-r3h4-6jhm
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
https://nvd.nist.gov/vuln/detail/CVE-2021-23337
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | CVE-2019-1010266 | MEDIUM | 3.10.1 | 4.17.11 |
Expand...https://access.redhat.com/security/cve/CVE-2019-1010266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
https://github.com/lodash/lodash/issues/3359
https://github.com/lodash/lodash/wiki/Changelog
https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
https://security.netapp.com/advisory/ntap-20190919-0004/
https://snyk.io/vuln/SNYK-JS-LODASH-73639
| | lodash | CVE-2020-28500 | MEDIUM | 3.10.1 | 4.17.21 |
Expand...https://access.redhat.com/security/cve/CVE-2020-28500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
https://github.com/advisories/GHSA-29mw-wpgm-hmr9
https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
https://github.com/lodash/lodash/pull/5065
https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
https://nvd.nist.gov/vuln/detail/CVE-2020-28500
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | CVE-2018-3721 | LOW | 3.10.1 | >=4.17.5 |
Expand...https://access.redhat.com/security/cve/CVE-2018-3721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721
https://github.com/advisories/GHSA-fvqr-27wr-82fm
https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
https://hackerone.com/reports/310443
https://nvd.nist.gov/vuln/detail/CVE-2018-3721
https://security.netapp.com/advisory/ntap-20190919-0004/
https://snyk.io/vuln/npm:lodash:20180130
https://www.npmjs.com/advisories/577
| | lodash | CVE-2020-8203 | HIGH | 4.17.15 | 4.17.20 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8203
https://github.com/advisories/GHSA-p6mc-m468-83gw
https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
https://github.com/lodash/lodash/issues/4744
https://github.com/lodash/lodash/issues/4874
https://hackerone.com/reports/712065
https://nvd.nist.gov/vuln/detail/CVE-2020-8203
https://security.netapp.com/advisory/ntap-20200724-0006/
https://www.npmjs.com/advisories/1523
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | CVE-2021-23337 | HIGH | 4.17.15 | 4.17.21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
https://github.com/advisories/GHSA-35jh-r3h4-6jhm
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
https://nvd.nist.gov/vuln/detail/CVE-2021-23337
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | NSWG-ECO-516 | HIGH | 4.17.15 | >=4.17.19 |
Expand...https://github.com/lodash/lodash/pull/4759
https://hackerone.com/reports/712065
https://www.npmjs.com/advisories/1523
| | lodash | CVE-2020-28500 | MEDIUM | 4.17.15 | 4.17.21 |
Expand...https://access.redhat.com/security/cve/CVE-2020-28500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
https://github.com/advisories/GHSA-29mw-wpgm-hmr9
https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
https://github.com/lodash/lodash/pull/5065
https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
https://nvd.nist.gov/vuln/detail/CVE-2020-28500
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash.template | CVE-2019-10744 | CRITICAL | 3.6.2 | 4.5.0 |
Expand...https://access.redhat.com/errata/RHSA-2019:3024
https://access.redhat.com/security/cve/CVE-2019-10744
https://github.com/advisories/GHSA-jf85-cpcp-j695
https://github.com/lodash/lodash/pull/4336
https://nvd.nist.gov/vuln/detail/CVE-2019-10744
https://security.netapp.com/advisory/ntap-20191004-0005/
https://snyk.io/vuln/SNYK-JS-LODASH-450202
https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
https://www.npmjs.com/advisories/1065
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| | markdown-it | CVE-2022-21670 | MEDIUM | 4.4.0 | 12.3.2 |
Expand...https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
https://nvd.nist.gov/vuln/detail/CVE-2022-21670
| | marked | CVE-2022-21680 | HIGH | 0.8.0 | 4.0.10 |
Expand...https://access.redhat.com/security/cve/CVE-2022-21680
https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0
https://github.com/markedjs/marked/releases/tag/v4.0.10
https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf
https://nvd.nist.gov/vuln/detail/CVE-2022-21680
| | marked | CVE-2022-21681 | HIGH | 0.8.0 | 4.0.10 |
Expand...https://access.redhat.com/security/cve/CVE-2022-21681
https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5
https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj
https://nvd.nist.gov/vuln/detail/CVE-2022-21681
| | md-to-pdf | CVE-2021-23639 | CRITICAL | 3.0.0 | 5.0.0 |
Expand...https://github.com/advisories/GHSA-x949-7cm6-fm6p
https://github.com/simonhaenisch/md-to-pdf/commit/a716259c548c82fa1d3b14a3422e9100619d2d8a
https://github.com/simonhaenisch/md-to-pdf/issues/99
https://nvd.nist.gov/vuln/detail/CVE-2021-23639
https://snyk.io/vuln/SNYK-JS-MDTOPDF-1657880
| | mime | CVE-2017-16138 | MEDIUM | 1.3.4 | 2.0.3, 1.4.1 |
Expand...https://access.redhat.com/security/cve/CVE-2017-16138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16138
https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x)
https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x)
https://github.com/broofa/node-mime/issues/167
https://nodesecurity.io/advisories/535
https://nvd.nist.gov/vuln/detail/CVE-2017-16138
https://www.npmjs.com/advisories/535
| | minimatch | CVE-2016-10540 | HIGH | 2.0.10 | 3.0.2 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10540
https://github.com/advisories/GHSA-hxm2-r34f-qmc5
https://nodesecurity.io/advisories/118
https://nvd.nist.gov/vuln/detail/CVE-2016-10540
https://www.npmjs.com/advisories/118
| | minimatch | NSWG-ECO-118 | HIGH | 2.0.10 | >=3.0.2 |
Expand...https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
| | minimist | CVE-2021-44906 | CRITICAL | 0.0.8 | 1.2.6 |
Expand...https://access.redhat.com/security/cve/CVE-2021-44906
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/substack/minimist/blob/master/index.js#L69
https://github.com/substack/minimist/issues/164
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
| | minimist | CVE-2020-7598 | MEDIUM | 0.0.8 | 1.2.3, 0.2.1 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://access.redhat.com/security/cve/CVE-2020-7598
https://errata.almalinux.org/8/ALSA-2020-2852.html
https://github.com/advisories/GHSA-vh95-rmgr-6w4m
https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
https://linux.oracle.com/cve/CVE-2020-7598.html
https://linux.oracle.com/errata/ELSA-2020-2852.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7598
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://www.npmjs.com/advisories/1179
| | minimist | CVE-2021-44906 | CRITICAL | 1.2.0 | 1.2.6 |
Expand...https://access.redhat.com/security/cve/CVE-2021-44906
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/substack/minimist/blob/master/index.js#L69
https://github.com/substack/minimist/issues/164
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
| | minimist | CVE-2020-7598 | MEDIUM | 1.2.0 | 1.2.3, 0.2.1 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://access.redhat.com/security/cve/CVE-2020-7598
https://errata.almalinux.org/8/ALSA-2020-2852.html
https://github.com/advisories/GHSA-vh95-rmgr-6w4m
https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
https://linux.oracle.com/cve/CVE-2020-7598.html
https://linux.oracle.com/errata/ELSA-2020-2852.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7598
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://www.npmjs.com/advisories/1179
| | node-fetch | CVE-2022-0235 | HIGH | 1.7.3 | 2.6.7, 3.1.1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0235
https://github.com/advisories/GHSA-r683-j2x4-v87g
https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
https://github.com/node-fetch/node-fetch/pull/1453
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
https://nvd.nist.gov/vuln/detail/CVE-2022-0235
| | node-fetch | CVE-2020-15168 | LOW | 1.7.3 | 3.0.0-beta.9, 2.6.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-15168
https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
https://nvd.nist.gov/vuln/detail/CVE-2020-15168
https://www.npmjs.com/package/node-fetch
| | node-forge | CVE-2020-7720 | HIGH | 0.7.6 | 0.10.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7720
https://github.com/advisories/GHSA-92xj-mqp7-vmcj
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
https://nvd.nist.gov/vuln/detail/CVE-2020-7720
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
| | node-forge | CVE-2022-24771 | HIGH | 0.7.6 | 1.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24771
https://github.com/advisories/GHSA-cfm4-qjh2-4765
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
https://nvd.nist.gov/vuln/detail/CVE-2022-24771
| | node-forge | CVE-2022-24772 | HIGH | 0.7.6 | 1.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24772
https://github.com/advisories/GHSA-x4jg-mjrx-434g
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g
https://nvd.nist.gov/vuln/detail/CVE-2022-24772
| | node-forge | CVE-2022-0122 | MEDIUM | 0.7.6 | 1.0.0 |
Expand...https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
https://nvd.nist.gov/vuln/detail/CVE-2022-0122
| | node-forge | CVE-2022-24773 | MEDIUM | 0.7.6 | 1.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24773
https://github.com/advisories/GHSA-2r2c-g63r-vccr
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
https://nvd.nist.gov/vuln/detail/CVE-2022-24773
| | node-forge | GHSA-5rrq-pxf6-6jx5 | LOW | 0.7.6 | 1.0.0 |
Expand...https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5
| | node-forge | GHSA-gf8q-jrpm-jvxq | LOW | 0.7.6 | 1.0.0 |
Expand...https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq
| | node-forge | GHSA-wxgw-qj99-44c2 | LOW | 0.7.6 | 0.10.0 |
Expand...https://github.com/advisories/GHSA-wxgw-qj99-44c2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2
| | nth-check | CVE-2021-3803 | HIGH | 1.0.2 | 2.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3803
https://github.com/advisories/GHSA-rp65-9cf3-cjxr
https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803
| | parse-link-header | CVE-2021-23490 | HIGH | 0.4.1 | 2.0.0 |
Expand...https://github.com/advisories/GHSA-q674-xm3x-2926
https://github.com/thlorenz/parse-link-header/commit/72f05c717b3f129c5331a07bf300ed8886eb8ae1
https://nvd.nist.gov/vuln/detail/CVE-2021-23490
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2321973
https://snyk.io/vuln/SNYK-JS-PARSELINKHEADER-1582783
| | path-parse | CVE-2021-23343 | MEDIUM | 1.0.6 | 1.0.7 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23343.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json
https://access.redhat.com/security/cve/CVE-2021-23343
https://errata.almalinux.org/8/ALSA-2021-3666.html
https://github.com/advisories/GHSA-hj48-42vr-x3v9
https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7
https://github.com/jbgutierrez/path-parse/issues/8
https://github.com/jbgutierrez/path-parse/pull/10
https://linux.oracle.com/cve/CVE-2021-23343.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-23343
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
| | postcss | CVE-2021-23382 | MEDIUM | 5.0.21 | 7.0.36, 8.2.13 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23382
https://github.com/advisories/GHSA-566m-qj78-rww5
https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
https://github.com/postcss/postcss/releases/tag/7.0.36
https://nvd.nist.gov/vuln/detail/CVE-2021-23382
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
| | qs | CVE-2017-1000048 | HIGH | 5.2.1 | 6.3.2, 6.2.3, 6.1.2, 6.0.4 |
Expand...https://access.redhat.com/errata/RHSA-2017:2672
https://access.redhat.com/security/cve/CVE-2017-1000048
https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d
https://github.com/ljharb/qs/issues/200
https://nvd.nist.gov/vuln/detail/CVE-2017-1000048
https://snyk.io/vuln/npm:qs:20170213
https://www.npmjs.com/advisories/1469
| | request | CVE-2017-16026 | MEDIUM | 2.65.0 | 2.68.0, 2.68.0 |
Expand...https://access.redhat.com/security/cve/CVE-2017-16026
https://github.com/advisories/GHSA-7xfp-9c55-5vqj
https://github.com/request/request/issues/1904
https://github.com/request/request/pull/2018
https://nodesecurity.io/advisories/309
https://nvd.nist.gov/vuln/detail/CVE-2017-16026
https://www.npmjs.com/advisories/309
| | request | NSWG-ECO-309 | MEDIUM | 2.65.0 | >=2.68.0 |
Expand...https://github.com/request/request/issues/1904
https://github.com/request/request/pull/2018
| | set-getter | CVE-2021-25949 | CRITICAL | 0.1.0 | 0.1.1 |
Expand...https://github.com/advisories/GHSA-jv35-xqg7-f92r
https://github.com/doowb/set-getter/blob/5bc2750fe1c3db9651d936131be187744111378d/index.js#L56
https://github.com/doowb/set-getter/commit/66eb3f0d4686a4a8c7c3d6f7ecd8e570b580edc4
https://nvd.nist.gov/vuln/detail/CVE-2021-25949
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25949
| | tough-cookie | CVE-2016-1000232 | HIGH | 2.2.2 | >=2.3.0 |
Expand...https://access.redhat.com/errata/RHSA-2016:2101
https://access.redhat.com/errata/RHSA-2017:2912
https://access.redhat.com/security/cve/CVE-2016-1000232
https://access.redhat.com/security/cve/cve-2016-1000232
https://github.com/advisories/GHSA-qhv9-728r-6jqg
https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae
https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
https://nodesecurity.io/advisories/130
https://nvd.nist.gov/vuln/detail/CVE-2016-1000232
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
https://www.npmjs.com/advisories/130
| | tough-cookie | CVE-2017-15010 | HIGH | 2.2.2 | 2.3.3 |
Expand...http://www.securityfocus.com/bid/101185
https://access.redhat.com/errata/RHSA-2017:2912
https://access.redhat.com/errata/RHSA-2017:2913
https://access.redhat.com/errata/RHSA-2018:1263
https://access.redhat.com/errata/RHSA-2018:1264
https://access.redhat.com/security/cve/CVE-2017-15010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
https://github.com/salesforce/tough-cookie/issues/92
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
https://nodesecurity.io/advisories/525
https://nvd.nist.gov/vuln/detail/CVE-2017-15010
https://snyk.io/vuln/npm:tough-cookie:20170905
https://www.npmjs.com/advisories/525
| | tunnel-agent | GHSA-xc7v-wxcw-j472 | MEDIUM | 0.4.3 | 0.6.0 |
Expand...https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4
https://github.com/advisories/GHSA-xc7v-wxcw-j472
https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0
https://www.npmjs.com/advisories/598
| | tunnel-agent | NSWG-ECO-393 | MEDIUM | 0.4.3 | >=0.6.0 |
Expand...https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4
https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0
| | underscore | CVE-2021-23358 | HIGH | 1.9.1 | 1.12.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71
https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66
https://github.com/jashkenas/underscore/pull/2917
https://github.com/jashkenas/underscore/releases/tag/1.12.1
https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/
https://nvd.nist.gov/vuln/detail/CVE-2021-23358
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503
https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
https://ubuntu.com/security/notices/USN-4913-1
https://ubuntu.com/security/notices/USN-4913-2
https://www.debian.org/security/2021/dsa-4883
https://www.npmjs.com/package/underscore
https://www.tenable.com/security/tns-2021-14
| | ws | CVE-2021-32640 | MEDIUM | 6.1.4 | 5.2.3, 6.2.2, 7.4.6 |
Expand...https://access.redhat.com/security/cve/CVE-2021-32640
https://github.com/advisories/GHSA-6fc8-4gx4-v693
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/issues/1895
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-32640
https://security.netapp.com/advisory/ntap-20210706-0005/
| | y18n | CVE-2020-7774 | HIGH | 3.2.1 | 5.0.5, 4.0.1, 3.2.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7774
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-0551.html
https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| | yargs-parser | CVE-2020-7608 | MEDIUM | 4.2.1 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7608
https://errata.almalinux.org/8/ALSA-2021-0548.html
https://github.com/advisories/GHSA-p9pc-299p-vxgp
https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
https://linux.oracle.com/cve/CVE-2020-7608.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7608
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
https://www.npmjs.com/advisories/1500
|