--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: grocy/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-grocy' of Deployment 'RELEASE-NAME-grocy' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'RELEASE-NAME-grocy' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-grocy' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-grocy' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-grocy' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-grocy' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-grocy' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c tccr.io/truecharts/grocy:v3.1.3@sha256:ffd978ec1a4cb51733120a7466ee6ef8d38567ea5f66a9273b8408f407302cfb ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| #### Container: Node.js **node-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bootbox | GHSA-87mg-h5r3-hw88 | MEDIUM | 5.5.2 | |
Expand...https://github.com/advisories/GHSA-87mg-h5r3-hw88
https://github.com/makeusabrew/bootbox/issues/661
https://hackerone.com/reports/508446
https://www.npmjs.com/advisories/882
| | bootstrap | CVE-2018-14041 | MEDIUM | 4.0.0 | 4.1.2, 3.4.0 |
Expand...http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
https://access.redhat.com/errata/RHSA-2019:1456
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/advisories/GHSA-pj7m-g53m-7638
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26627
https://github.com/twbs/bootstrap/pull/26630
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-14041
https://seclists.org/bugtraq/2019/May/18
https://typo3.org/security/advisory/typo3-core-sa-2019-006
https://www.oracle.com/security-alerts/cpuApr2021.html
| | bootstrap | CVE-2019-8331 | MEDIUM | 4.0.0 | 3.4.1, 4.3.1 |
Expand...http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.securityfocus.com/bid/107375
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8331
https://github.com/advisories/GHSA-9v3m-8fp8-mj99
https://github.com/advisories/GHSA-fxwm-579q-49qq
https://github.com/advisories/GHSA-wh77-3x4m-4q9g
https://github.com/twbs/bootstrap-sass/releases/tag/v3.4.1
https://github.com/twbs/bootstrap/pull/28236
https://github.com/twbs/bootstrap/releases/tag/v3.4.1
https://github.com/twbs/bootstrap/releases/tag/v4.3.1
https://linux.oracle.com/cve/CVE-2019-8331.html
https://linux.oracle.com/errata/ELSA-2020-4847.html
https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-8331
https://seclists.org/bugtraq/2019/May/18
https://support.f5.com/csp/article/K24383845
https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS
https://www.npmjs.com/advisories/891
https://www.oracle.com/security-alerts/cpuApr2021.html
| | chart.js | CVE-2020-7746 | HIGH | 2.7.1 | 2.9.4 |
Expand...https://github.com/advisories/GHSA-h68q-55jf-x68w
https://github.com/chartjs/Chart.js/pull/7920
https://nvd.nist.gov/vuln/detail/CVE-2020-7746
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374
https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716
| | datatables.net | CVE-2020-28458 | HIGH | 1.10.16 | 1.10.22 |
Expand...https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03
https://github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.js%23L2766
https://github.com/advisories/GHSA-m7j4-fhg6-xf5v
https://nvd.nist.gov/vuln/detail/CVE-2020-28458
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806
| | datatables.net | CVE-2021-23445 | MEDIUM | 1.10.16 | 1.11.3 |
Expand...https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://github.com/advisories/GHSA-h73q-5wmj-q8pj
https://nvd.nist.gov/vuln/detail/CVE-2021-23445
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
| | jquery | CVE-2019-11358 | MEDIUM | 3.3.1 | >=3.4.0 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.openwall.com/lists/oss-security/2019/06/03/2
http://www.securityfocus.com/bid/108023
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:2587
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
https://github.com/advisories/GHSA-6c3j-c64m-qhgq
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434
https://hackerone.com/reports/454365
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://linux.oracle.com/cve/CVE-2019-11358.html
https://linux.oracle.com/errata/ELSA-2020-4847.html
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://seclists.org/bugtraq/2019/Apr/32
https://seclists.org/bugtraq/2019/Jun/12
https://seclists.org/bugtraq/2019/May/18
https://security.netapp.com/advisory/ntap-20190919-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://www.debian.org/security/2019/dsa-4434
https://www.debian.org/security/2019/dsa-4460
https://www.drupal.org/sa-core-2019-006
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
https://www.synology.com/security/advisory/Synology_SA_19_19
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2020-02
| | jquery | CVE-2020-11022 | MEDIUM | 3.3.1 | 3.5.0 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
https://github.com/jquery/jquery/releases/tag/3.5.0
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://jquery.com/upgrade-guide/3.5/
https://linux.oracle.com/cve/CVE-2020-11022.html
https://linux.oracle.com/errata/ELSA-2020-4847.html
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.npmjs.com/advisories/1518
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-10
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
| | jquery | CVE-2020-11023 | MEDIUM | 3.3.1 | 3.5.0 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/jquery/jquery/releases/tag/3.5.0
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
https://jquery.com/upgrade-guide/3.5/
https://linux.oracle.com/cve/CVE-2020-11023.html
https://linux.oracle.com/errata/ELSA-2021-9552.html
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Expand...https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://linux.oracle.com/cve/CVE-2021-3918.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| | moment | CVE-2017-18214 | HIGH | 2.18.1 | 2.19.3 |
Expand...https://github.com/advisories/GHSA-446m-mv8f-q348
https://github.com/moment/moment/issues/4163
https://github.com/moment/moment/pull/4326
https://nodesecurity.io/advisories/532
https://nvd.nist.gov/vuln/detail/CVE-2017-18214
https://www.npmjs.com/advisories/532
https://www.tenable.com/security/tns-2019-02
| | swagger-ui-dist | GHSA-qrmm-w75w-3wpx | MEDIUM | 3.52.5 | 4.1.3 |
Expand...https://github.com/advisories/GHSA-qrmm-w75w-3wpx
https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76
https://github.com/swagger-api/swagger-ui/issues/4872
https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
| **composer** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | illuminate/view | CVE-2021-43808 | MEDIUM | v8.70.2 | 6.20.42, 7.30.6, 8.75.0 |
Expand...https://github.com/advisories/GHSA-66hf-2p6w-jqfw
https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
https://github.com/laravel/framework/pull/39906
https://github.com/laravel/framework/pull/39908
https://github.com/laravel/framework/pull/39909
https://github.com/laravel/framework/releases/tag/v6.20.42
https://github.com/laravel/framework/releases/tag/v7.30.6
https://github.com/laravel/framework/releases/tag/v8.75.0
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
|