--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: wiki/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV013 | Image tag ':latest' used | LOW |
Expand... It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should specify an image tag
|
Expand...https://kubernetes.io/docs/concepts/configuration/overview/#container-images
https://avd.aquasec.com/appshield/ksv013
| | Kubernetes Security Check | KSV013 | Image tag ':latest' used | LOW |
Expand... It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wiki' should specify an image tag
|
Expand...https://kubernetes.io/docs/concepts/configuration/overview/#container-images
https://avd.aquasec.com/appshield/ksv013
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM |
Expand... A program inside the container can bypass Seccomp protection policies.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should specify a seccomp profile
|
Expand...https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/
https://avd.aquasec.com/appshield/ksv019
| | Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM |
Expand... A program inside the container can bypass Seccomp protection policies.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wiki' should specify a seccomp profile
|
Expand...https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/
https://avd.aquasec.com/appshield/ksv019
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-wiki' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wiki' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-wiki' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c tccr.io/truecharts/wiki:version-900b76a@sha256:26548fe894831ba1fbd7b68da370583363be3f992bd99e71c8b678c2583df951 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| #### Container: tccr.io/truecharts/wiki:version-900b76a@sha256:26548fe894831ba1fbd7b68da370583363be3f992bd99e71c8b678c2583df951 (alpine 3.11.12) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42379 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42380 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42381 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42382 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42383 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42384 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42385 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42386 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | busybox | CVE-2021-42374 | MEDIUM | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | openssh | CVE-2021-41617 | HIGH | 8.1_p1-r0 | 8.1_p1-r1 |
Expand...https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2021-4782.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
| | openssh-client | CVE-2021-41617 | HIGH | 8.1_p1-r0 | 8.1_p1-r1 |
Expand...https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2021-4782.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
| | openssh-keygen | CVE-2021-41617 | HIGH | 8.1_p1-r0 | 8.1_p1-r1 |
Expand...https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2021-4782.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
| | openssh-server | CVE-2021-41617 | HIGH | 8.1_p1-r0 | 8.1_p1-r1 |
Expand...https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2021-4782.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
| | openssh-server-common | CVE-2021-41617 | HIGH | 8.1_p1-r0 | 8.1_p1-r1 |
Expand...https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2021-4782.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
| | openssh-sftp-server | CVE-2021-41617 | HIGH | 8.1_p1-r0 | 8.1_p1-r1 |
Expand...https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2021-4782.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
| | ssl_client | CVE-2021-42378 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42379 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42380 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42381 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42382 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42383 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42384 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42385 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r10 | 1.31.1-r11 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Expand...https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Expand...https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | apollo-server | GHSA-qm7x-rc44-rrqw | HIGH | 2.18.2 | 3.4.1, 2.25.3 |
Expand...https://github.com/advisories/GHSA-qm7x-rc44-rrqw
https://github.com/apollographql/apollo-server/security/advisories/GHSA-qm7x-rc44-rrqw
| | aws-sdk | CVE-2020-28472 | CRITICAL | 2.778.0 | 2.814.0 |
Expand...https://github.com/advisories/GHSA-rrc9-gqf8-8rwg
https://github.com/aws/aws-sdk-js-v3/commit/a209082dff913939672bb069964b33aa4c5409a9
https://github.com/aws/aws-sdk-js/pull/3585/commits/7d72aff2a941173733fcb6741b104cd83d3bc611
https://nvd.nist.gov/vuln/detail/CVE-2020-28472
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1059426
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059425
https://snyk.io/vuln/SNYK-JS-AWSSDK-1059424
https://snyk.io/vuln/SNYK-JS-AWSSDKSHAREDINIFILELOADER-1049304
| | css-what | CVE-2021-33587 | HIGH | 4.0.0 | 5.0.1 |
Expand...https://github.com/advisories/GHSA-q8pj-2vqx-8ggc
https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
https://github.com/fb55/css-what/releases/tag/v5.0.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33587
https://security.netapp.com/advisory/ntap-20210706-0007/
| | express-brute | GHSA-984p-xq9m-4rjw | MEDIUM | 1.0.1 | |
Expand...https://github.com/AdamPflug/express-brute/issues/46
https://github.com/advisories/GHSA-984p-xq9m-4rjw
https://snyk.io/vuln/SNYK-JS-EXPRESSBRUTE-174457
https://www.npmjs.com/advisories/823
| | highlight.js | GHSA-7wwv-vh3v-89cq | MEDIUM | 10.2.1 | 10.4.1 |
Expand...https://github.com/advisories/GHSA-7wwv-vh3v-89cq
https://github.com/highlightjs/highlight.js/commit/373b9d862401162e832ce77305e49b859e110f9c
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-7wwv-vh3v-89cq
https://www.npmjs.com/package/@highlightjs/cdn-assets
https://www.npmjs.com/package/highlight.js
| | highlight.js | GHSA-7wwv-vh3v-89cq | MEDIUM | 10.3.1 | 10.4.1 |
Expand...https://github.com/advisories/GHSA-7wwv-vh3v-89cq
https://github.com/highlightjs/highlight.js/commit/373b9d862401162e832ce77305e49b859e110f9c
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-7wwv-vh3v-89cq
https://www.npmjs.com/package/@highlightjs/cdn-assets
https://www.npmjs.com/package/highlight.js
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Expand...https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| | node-fetch | CVE-2020-15168 | MEDIUM | 1.7.3 | 3.0.0-beta.9, 2.6.1 |
Expand...https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
https://nvd.nist.gov/vuln/detail/CVE-2020-15168
https://www.npmjs.com/package/node-fetch
| | node-uuid | CVE-2015-8851 | HIGH | 1.4.1 | >=1.4.4 |
Expand...http://www.openwall.com/lists/oss-security/2016/04/13/8
https://bugzilla.redhat.com/show_bug.cgi?id=1327056
https://github.com/advisories/GHSA-265q-28rp-chq5
https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
https://github.com/broofa/node-uuid/issues/108
https://github.com/broofa/node-uuid/issues/122
https://nodesecurity.io/advisories/93
https://nvd.nist.gov/vuln/detail/CVE-2015-8851
https://www.npmjs.com/advisories/93
| | nodemailer | CVE-2020-7769 | CRITICAL | 6.4.14 | 6.4.16 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769
https://github.com/advisories/GHSA-48ww-j4fc-435p
https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js#L75
https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
https://nvd.nist.gov/vuln/detail/CVE-2020-7769
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
https://www.npmjs.com/package/nodemailer
| | objection | CVE-2021-3766 | CRITICAL | 2.2.3 | 2.2.16 |
Expand...https://github.com/Vincit/objection.js/commit/46b842a6bc897198b83f41ac85c92864b991d7e9
https://github.com/advisories/GHSA-r659-8xfp-j327
https://github.com/vincit/objection.js/commit/b41aab8dcd78f426f7468dcda541a7aca18a66a6
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc
https://nvd.nist.gov/vuln/detail/CVE-2021-3766
| | passport-oauth2 | CVE-2021-41580 | MEDIUM | 1.2.0 | 1.6.1 |
Expand...https://github.com/advisories/GHSA-f794-r6xc-hf3v
https://github.com/jaredhanson/passport-oauth2/commit/8e3bcdff145a2219033bd782fc517229fe3e05ea
https://github.com/jaredhanson/passport-oauth2/compare/v1.6.0...v1.6.1
https://github.com/jaredhanson/passport-oauth2/pull/144
https://medium.com/passportjs/no-access-token-no-service-7fb017c9e262
https://nvd.nist.gov/vuln/detail/CVE-2021-41580
| | passport-oauth2 | CVE-2021-41580 | MEDIUM | 1.5.0 | 1.6.1 |
Expand...https://github.com/advisories/GHSA-f794-r6xc-hf3v
https://github.com/jaredhanson/passport-oauth2/commit/8e3bcdff145a2219033bd782fc517229fe3e05ea
https://github.com/jaredhanson/passport-oauth2/compare/v1.6.0...v1.6.1
https://github.com/jaredhanson/passport-oauth2/pull/144
https://medium.com/passportjs/no-access-token-no-service-7fb017c9e262
https://nvd.nist.gov/vuln/detail/CVE-2021-41580
| | passport-saml | CVE-2021-39171 | HIGH | 1.3.5 | 3.1.0 |
Expand...https://github.com/advisories/GHSA-5379-r78w-42h2
https://github.com/node-saml/passport-saml/pull/595
https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2
https://nvd.nist.gov/vuln/detail/CVE-2021-39171
| | ssh2 | CVE-2020-26301 | CRITICAL | 0.8.9 | 1.4.0 |
Expand...https://github.com/advisories/GHSA-652h-xwhf-q4h6
https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21
https://nvd.nist.gov/vuln/detail/CVE-2020-26301
https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/
https://www.npmjs.com/package/ssh2
| | striptags | CVE-2021-32696 | MEDIUM | 3.1.1 | 3.2.0 |
Expand...https://github.com/advisories/GHSA-qxg5-2qff-p49r
https://github.com/ericnorris/striptags/commit/f252a6b0819499cd65403707ebaf5cc925f2faca
https://github.com/ericnorris/striptags/releases/tag/v3.2.0
https://github.com/ericnorris/striptags/security/advisories/GHSA-qxg5-2qff-p49r
https://nvd.nist.gov/vuln/detail/CVE-2021-32696
https://www.npmjs.com/package/striptags
| | tar | CVE-2021-32803 | HIGH | 2.2.2 | 6.1.2, 5.0.7, 4.4.15, 3.2.3 |
Expand...https://github.com/advisories/GHSA-r628-mhmh-qjhw
https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
https://linux.oracle.com/cve/CVE-2021-32803.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32803
https://www.npmjs.com/advisories/1771
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-32804 | HIGH | 2.2.2 | 6.1.1, 5.0.6, 4.4.14, 3.2.2 |
Expand...https://github.com/advisories/GHSA-3jfq-g458-7qm9
https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
https://linux.oracle.com/cve/CVE-2021-32804.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32804
https://www.npmjs.com/advisories/1770
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37701 | HIGH | 2.2.2 | 6.1.7, 5.0.8, 4.4.16 |
Expand...https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 2.2.2 | 6.1.9, 5.0.10, 4.4.18 |
Expand...https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 2.2.2 | 6.1.9, 5.0.10, 4.4.18 |
Expand...https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | underscore | CVE-2021-23358 | HIGH | 1.6.0 | 1.12.1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71
https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66
https://github.com/jashkenas/underscore/pull/2917
https://github.com/jashkenas/underscore/releases/tag/1.12.1
https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/
https://nvd.nist.gov/vuln/detail/CVE-2021-23358
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503
https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
https://ubuntu.com/security/notices/USN-4913-1
https://ubuntu.com/security/notices/USN-4913-2
https://www.debian.org/security/2021/dsa-4883
https://www.npmjs.com/package/underscore
https://www.tenable.com/security/tns-2021-14
| | underscore | CVE-2021-23358 | HIGH | 1.8.3 | 1.12.1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71
https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66
https://github.com/jashkenas/underscore/pull/2917
https://github.com/jashkenas/underscore/releases/tag/1.12.1
https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/
https://nvd.nist.gov/vuln/detail/CVE-2021-23358
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503
https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
https://ubuntu.com/security/notices/USN-4913-1
https://ubuntu.com/security/notices/USN-4913-2
https://www.debian.org/security/2021/dsa-4883
https://www.npmjs.com/package/underscore
https://www.tenable.com/security/tns-2021-14
| | ws | CVE-2021-32640 | MEDIUM | 7.4.5 | 5.2.3, 6.2.2, 7.4.6 |
Expand...https://github.com/advisories/GHSA-6fc8-4gx4-v693
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/issues/1895
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-32640
| | xmldom | CVE-2021-21366 | MEDIUM | 0.1.31 | 0.5.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21366
https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
https://github.com/xmldom/xmldom/releases/tag/0.5.0
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
https://nvd.nist.gov/vuln/detail/CVE-2021-21366
https://www.npmjs.com/package/xmldom
| | xmldom | CVE-2021-32796 | MEDIUM | 0.1.31 | |
Expand...https://github.com/advisories/GHSA-5fg8-2547-mr8q
https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://mattermost.com/blog/securing-xml-implementations-across-the-web/
https://nvd.nist.gov/vuln/detail/CVE-2021-32796
https://www.npmjs.com/package/@xmldom/xmldom
|