catalog/stable/pixapop/1.0.35/security.md


---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: pixapop/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explanation | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-pixapop&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-pixapop&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-pixapop&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-pixapop&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-pixapop&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-pixapop&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/pixapop:v1.2-ls15@sha256:6a05383524fcd51b0b692d508dd16ed6948337aa272677e01baa6d8ba119c070
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
#### Container: Node.js
**node-pkg**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| acorn | GHSA-6chw-6frg-f759 | HIGH | 6.1.1 | 5.7.4, 7.1.1, 6.4.1 | <details><summary>Expand...</summary><a href="https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802">https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802</a><br><a href="https://github.com/acornjs/acorn/issues/929">https://github.com/acornjs/acorn/issues/929</a><br><a href="https://github.com/advisories/GHSA-6chw-6frg-f759">https://github.com/advisories/GHSA-6chw-6frg-f759</a><br><a href="https://snyk.io/vuln/SNYK-JS-ACORN-559469">https://snyk.io/vuln/SNYK-JS-ACORN-559469</a><br><a href="https://www.npmjs.com/advisories/1488">https://www.npmjs.com/advisories/1488</a><br></details> |
| ansi-html | CVE-2021-23424 | HIGH | 0.0.7 | | <details><summary>Expand...</summary><a href="https://github.com/Tjatse/ansi-html/issues/19">https://github.com/Tjatse/ansi-html/issues/19</a><br><a href="https://github.com/advisories/GHSA-whgm-jr23-g3j9">https://github.com/advisories/GHSA-whgm-jr23-g3j9</a><br><a href="https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69">https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23424">https://nvd.nist.gov/vuln/detail/CVE-2021-23424</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198</a><br><a href="https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849">https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849</a><br></details> |
| ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 | <details><summary>Expand...</summary><a href="https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908">https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908</a><br><a href="https://github.com/advisories/GHSA-93q8-gq69-wqmw">https://github.com/advisories/GHSA-93q8-gq69-wqmw</a><br><a href="https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9">https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9</a><br><a href="https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311">https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311</a><br><a href="https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774">https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774</a><br><a href="https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994">https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3807.html">https://linux.oracle.com/cve/CVE-2021-3807.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-5171.html">https://linux.oracle.com/errata/ELSA-2021-5171.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3807">https://nvd.nist.gov/vuln/detail/CVE-2021-3807</a><br></details> |
| browserslist | CVE-2021-23364 | MEDIUM | 4.4.2 | 4.16.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-w8qv-6jwh-64r5">https://github.com/advisories/GHSA-w8qv-6jwh-64r5</a><br><a href="https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474">https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474</a><br><a href="https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98">https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98</a><br><a href="https://github.com/browserslist/browserslist/pull/593">https://github.com/browserslist/browserslist/pull/593</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23364">https://nvd.nist.gov/vuln/detail/CVE-2021-23364</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182</a><br><a href="https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194">https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194</a><br></details> |
| color-string | CVE-2021-29060 | MEDIUM | 1.5.3 | 1.5.5 | <details><summary>Expand...</summary><a href="https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3">https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3</a><br><a href="https://github.com/Qix-/color-string/releases/tag/1.5.5">https://github.com/Qix-/color-string/releases/tag/1.5.5</a><br><a href="https://github.com/advisories/GHSA-257v-vj4p-3w2h">https://github.com/advisories/GHSA-257v-vj4p-3w2h</a><br><a href="https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md">https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md</a><br><a href="https://github.com/yetingli/SaveResults/blob/main/js/color-string.js">https://github.com/yetingli/SaveResults/blob/main/js/color-string.js</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-29060">https://nvd.nist.gov/vuln/detail/CVE-2021-29060</a><br><a href="https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939">https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939</a><br><a href="https://www.npmjs.com/package/color-string">https://www.npmjs.com/package/color-string</a><br></details> |
| dns-packet | CVE-2021-23386 | MEDIUM | 1.3.1 | 1.3.2, 5.2.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-3wcq-x3mq-6r9p">https://github.com/advisories/GHSA-3wcq-x3mq-6r9p</a><br><a href="https://github.com/mafintosh/dns-packet/commit/0d0d593f8df4e2712c43957a6c62e95047f12b2d">https://github.com/mafintosh/dns-packet/commit/0d0d593f8df4e2712c43957a6c62e95047f12b2d</a><br><a href="https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56">https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56</a><br><a href="https://hackerone.com/bugs?subject=user&amp;amp%3Breport_id=968858">https://hackerone.com/bugs?subject=user&amp;amp%3Breport_id=968858</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23386">https://nvd.nist.gov/vuln/detail/CVE-2021-23386</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719</a><br><a href="https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563">https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563</a><br></details> |
| dot-prop | CVE-2020-8116 | HIGH | 4.2.0 | 5.1.1, 4.2.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-ff7x-qrg7-qggm">https://github.com/advisories/GHSA-ff7x-qrg7-qggm</a><br><a href="https://github.com/sindresorhus/dot-prop/issues/63">https://github.com/sindresorhus/dot-prop/issues/63</a><br><a href="https://github.com/sindresorhus/dot-prop/tree/v4">https://github.com/sindresorhus/dot-prop/tree/v4</a><br><a href="https://hackerone.com/reports/719856">https://hackerone.com/reports/719856</a><br><a href="https://linux.oracle.com/cve/CVE-2020-8116.html">https://linux.oracle.com/cve/CVE-2020-8116.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0548.html">https://linux.oracle.com/errata/ELSA-2021-0548.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8116">https://nvd.nist.gov/vuln/detail/CVE-2020-8116</a><br></details> |
| elliptic | CVE-2020-13822 | HIGH | 6.4.1 | 6.5.3 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-vh7m-p724-62c2">https://github.com/advisories/GHSA-vh7m-p724-62c2</a><br><a href="https://github.com/indutny/elliptic/issues/226">https://github.com/indutny/elliptic/issues/226</a><br><a href="https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4">https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-13822">https://nvd.nist.gov/vuln/detail/CVE-2020-13822</a><br><a href="https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484">https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484</a><br><a href="https://www.npmjs.com/package/elliptic">https://www.npmjs.com/package/elliptic</a><br><a href="https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/">https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/</a><br></details> |
| elliptic | CVE-2020-28498 | MEDIUM | 6.4.1 | 6.5.4 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-r9p9-mrjm-926w">https://github.com/advisories/GHSA-r9p9-mrjm-926w</a><br><a href="https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md">https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md</a><br><a href="https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f">https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f</a><br><a href="https://github.com/indutny/elliptic/pull/244/commits">https://github.com/indutny/elliptic/pull/244/commits</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28498">https://nvd.nist.gov/vuln/detail/CVE-2020-28498</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836</a><br><a href="https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899">https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899</a><br><a href="https://www.npmjs.com/package/elliptic">https://www.npmjs.com/package/elliptic</a><br></details> |
| follow-redirects | CVE-2022-0155 | MEDIUM | 1.7.0 | 1.14.7 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-74fj-2j2h-c42q">https://github.com/advisories/GHSA-74fj-2j2h-c42q</a><br><a href="https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22">https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22</a><br><a href="https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406">https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0155">https://nvd.nist.gov/vuln/detail/CVE-2022-0155</a><br></details> |
| glob-parent | CVE-2020-28469 | HIGH | 3.1.0 | 5.1.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-ww39-953v-wcq6">https://github.com/advisories/GHSA-ww39-953v-wcq6</a><br><a href="https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9">https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9</a><br><a href="https://github.com/gulpjs/glob-parent/pull/36">https://github.com/gulpjs/glob-parent/pull/36</a><br><a href="https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2">https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2</a><br><a href="https://linux.oracle.com/cve/CVE-2020-28469.html">https://linux.oracle.com/cve/CVE-2020-28469.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-5171.html">https://linux.oracle.com/errata/ELSA-2021-5171.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28469">https://nvd.nist.gov/vuln/detail/CVE-2020-28469</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092</a><br><a href="https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905">https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905</a><br></details> |
| hosted-git-info | CVE-2021-23362 | MEDIUM | 2.7.1 | 2.8.9, 3.0.8 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-43f8-2h32-f4cj">https://github.com/advisories/GHSA-43f8-2h32-f4cj</a><br><a href="https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7">https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7</a><br><a href="https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01">https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01</a><br><a href="https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3">https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3</a><br><a href="https://github.com/npm/hosted-git-info/commits/v2">https://github.com/npm/hosted-git-info/commits/v2</a><br><a href="https://github.com/npm/hosted-git-info/pull/76">https://github.com/npm/hosted-git-info/pull/76</a><br><a href="https://linux.oracle.com/cve/CVE-2021-23362.html">https://linux.oracle.com/cve/CVE-2021-23362.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3074.html">https://linux.oracle.com/errata/ELSA-2021-3074.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23362">https://nvd.nist.gov/vuln/detail/CVE-2021-23362</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356</a><br><a href="https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355">https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355</a><br></details> |
| http-proxy | GHSA-6x33-pw7p-hmpq | HIGH | 1.17.0 | 1.18.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-6x33-pw7p-hmpq">https://github.com/advisories/GHSA-6x33-pw7p-hmpq</a><br><a href="https://github.com/http-party/node-http-proxy/pull/1447/files">https://github.com/http-party/node-http-proxy/pull/1447/files</a><br><a href="https://www.npmjs.com/advisories/1486">https://www.npmjs.com/advisories/1486</a><br></details> |
| ini | CVE-2020-7788 | HIGH | 1.3.5 | 1.3.6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788</a><br><a href="https://github.com/advisories/GHSA-qqgx-2p2h-9c37">https://github.com/advisories/GHSA-qqgx-2p2h-9c37</a><br><a href="https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1">https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1</a><br><a href="https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)">https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7788.html">https://linux.oracle.com/cve/CVE-2020-7788.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-5171.html">https://linux.oracle.com/errata/ELSA-2021-5171.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html">https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7788">https://nvd.nist.gov/vuln/detail/CVE-2020-7788</a><br><a href="https://snyk.io/vuln/SNYK-JS-INI-1048974">https://snyk.io/vuln/SNYK-JS-INI-1048974</a><br><a href="https://www.npmjs.com/advisories/1589">https://www.npmjs.com/advisories/1589</a><br></details> |
| is-svg | CVE-2021-28092 | HIGH | 3.0.0 | 4.2.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-7r28-3m3f-r2pr">https://github.com/advisories/GHSA-7r28-3m3f-r2pr</a><br><a href="https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b">https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b</a><br><a href="https://github.com/sindresorhus/is-svg/releases">https://github.com/sindresorhus/is-svg/releases</a><br><a href="https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2">https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28092">https://nvd.nist.gov/vuln/detail/CVE-2021-28092</a><br><a href="https://security.netapp.com/advisory/ntap-20210513-0008/">https://security.netapp.com/advisory/ntap-20210513-0008/</a><br><a href="https://www.npmjs.com/package/is-svg">https://www.npmjs.com/package/is-svg</a><br></details> |
| is-svg | CVE-2021-29059 | HIGH | 3.0.0 | 4.3.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-r8j5-h5cx-65gg">https://github.com/advisories/GHSA-r8j5-h5cx-65gg</a><br><a href="https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02">https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02</a><br><a href="https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0">https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0</a><br><a href="https://github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md">https://github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md</a><br><a href="https://github.com/yetingli/SaveResults/blob/main/js/is-svg.js">https://github.com/yetingli/SaveResults/blob/main/js/is-svg.js</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-29059">https://nvd.nist.gov/vuln/detail/CVE-2021-29059</a><br><a href="https://www.npmjs.com/package/is-svg">https://www.npmjs.com/package/is-svg</a><br></details> |
| js-yaml | GHSA-8j8c-7jfh-h6hx | HIGH | 3.12.2 | 3.13.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-8j8c-7jfh-h6hx">https://github.com/advisories/GHSA-8j8c-7jfh-h6hx</a><br><a href="https://github.com/nodeca/js-yaml/pull/480">https://github.com/nodeca/js-yaml/pull/480</a><br><a href="https://www.npmjs.com/advisories/813">https://www.npmjs.com/advisories/813</a><br></details> |
| js-yaml | GHSA-2pr6-76vf-7546 | MEDIUM | 3.12.2 | 3.13.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-2pr6-76vf-7546">https://github.com/advisories/GHSA-2pr6-76vf-7546</a><br><a href="https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235">https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235</a><br><a href="https://github.com/nodeca/js-yaml/issues/475">https://github.com/nodeca/js-yaml/issues/475</a><br><a href="https://snyk.io/vuln/SNYK-JS-JSYAML-173999">https://snyk.io/vuln/SNYK-JS-JSYAML-173999</a><br><a href="https://www.npmjs.com/advisories/788">https://www.npmjs.com/advisories/788</a><br><a href="https://www.npmjs.com/advisories/788/versions">https://www.npmjs.com/advisories/788/versions</a><br></details> |
| kind-of | CVE-2019-20149 | HIGH | 6.0.2 | 6.0.3 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-6c8f-qphg-qjgp">https://github.com/advisories/GHSA-6c8f-qphg-qjgp</a><br><a href="https://github.com/jonschlinkert/kind-of/commit/1df992ce6d5a1292048e5fe9c52c5382f941ee0b">https://github.com/jonschlinkert/kind-of/commit/1df992ce6d5a1292048e5fe9c52c5382f941ee0b</a><br><a href="https://github.com/jonschlinkert/kind-of/issues/30">https://github.com/jonschlinkert/kind-of/issues/30</a><br><a href="https://github.com/jonschlinkert/kind-of/pull/31">https://github.com/jonschlinkert/kind-of/pull/31</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20149">https://nvd.nist.gov/vuln/detail/CVE-2019-20149</a><br><a href="https://snyk.io/vuln/SNYK-JS-KINDOF-537849">https://snyk.io/vuln/SNYK-JS-KINDOF-537849</a><br><a href="https://www.npmjs.com/advisories/1490">https://www.npmjs.com/advisories/1490</a><br></details> |
| lodash | CVE-2019-10744 | CRITICAL | 4.17.11 | 4.17.12 | <details><summary>Expand...</summary><a href="https://access.redhat.com/errata/RHSA-2019:3024">https://access.redhat.com/errata/RHSA-2019:3024</a><br><a href="https://github.com/advisories/GHSA-jf85-cpcp-j695">https://github.com/advisories/GHSA-jf85-cpcp-j695</a><br><a href="https://github.com/lodash/lodash/pull/4336">https://github.com/lodash/lodash/pull/4336</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10744">https://nvd.nist.gov/vuln/detail/CVE-2019-10744</a><br><a href="https://security.netapp.com/advisory/ntap-20191004-0005/">https://security.netapp.com/advisory/ntap-20191004-0005/</a><br><a href="https://snyk.io/vuln/SNYK-JS-LODASH-450202">https://snyk.io/vuln/SNYK-JS-LODASH-450202</a><br><a href="https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp;amp;utm_medium=RSS">https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp;amp;utm_medium=RSS</a><br><a href="https://www.npmjs.com/advisories/1065">https://www.npmjs.com/advisories/1065</a><br><a href="https://www.oracle.com/security-alerts/cpujan2021.html">https://www.oracle.com/security-alerts/cpujan2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2020.html">https://www.oracle.com/security-alerts/cpuoct2020.html</a><br></details> |
| lodash | CVE-2020-8203 | HIGH | 4.17.11 | 4.17.19 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-p6mc-m468-83gw">https://github.com/advisories/GHSA-p6mc-m468-83gw</a><br><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12">https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12</a><br><a href="https://github.com/lodash/lodash/issues/4744">https://github.com/lodash/lodash/issues/4744</a><br><a href="https://github.com/lodash/lodash/issues/4874">https://github.com/lodash/lodash/issues/4874</a><br><a href="https://hackerone.com/reports/712065">https://hackerone.com/reports/712065</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8203">https://nvd.nist.gov/vuln/detail/CVE-2020-8203</a><br><a href="https://security.netapp.com/advisory/ntap-20200724-0006/">https://security.netapp.com/advisory/ntap-20200724-0006/</a><br><a href="https://www.npmjs.com/advisories/1523">https://www.npmjs.com/advisories/1523</a><br><a href="https://www.oracle.com//security-alerts/cpujul2021.html">https://www.oracle.com//security-alerts/cpujul2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuApr2021.html">https://www.oracle.com/security-alerts/cpuApr2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| lodash | CVE-2021-23337 | HIGH | 4.17.11 | 4.17.21 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337</a><br><a href="https://github.com/advisories/GHSA-35jh-r3h4-6jhm">https://github.com/advisories/GHSA-35jh-r3h4-6jhm</a><br><a href="https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851">https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851</a><br><a href="https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851">https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851</a><br><a href="https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c">https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23337">https://nvd.nist.gov/vuln/detail/CVE-2021-23337</a><br><a href="https://security.netapp.com/advisory/ntap-20210312-0006/">https://security.netapp.com/advisory/ntap-20210312-0006/</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932">https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929</a><br><a href="https://snyk.io/vuln/SNYK-JS-LODASH-1040724">https://snyk.io/vuln/SNYK-JS-LODASH-1040724</a><br><a href="https://www.oracle.com//security-alerts/cpujul2021.html">https://www.oracle.com//security-alerts/cpujul2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| lodash | CVE-2020-28500 | MEDIUM | 4.17.11 | 4.17.21 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500</a><br><a href="https://github.com/advisories/GHSA-29mw-wpgm-hmr9">https://github.com/advisories/GHSA-29mw-wpgm-hmr9</a><br><a href="https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8">https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8</a><br><a href="https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8">https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8</a><br><a href="https://github.com/lodash/lodash/pull/5065">https://github.com/lodash/lodash/pull/5065</a><br><a href="https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7">https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28500">https://nvd.nist.gov/vuln/detail/CVE-2020-28500</a><br><a href="https://security.netapp.com/advisory/ntap-20210312-0006/">https://security.netapp.com/advisory/ntap-20210312-0006/</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896">https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893</a><br><a href="https://snyk.io/vuln/SNYK-JS-LODASH-1018905">https://snyk.io/vuln/SNYK-JS-LODASH-1018905</a><br><a href="https://www.oracle.com//security-alerts/cpujul2021.html">https://www.oracle.com//security-alerts/cpujul2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| mem | GHSA-4xcv-9jjx-gfj3 | MEDIUM | 1.1.0 | 4.0.0 | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1623744">https://bugzilla.redhat.com/show_bug.cgi?id=1623744</a><br><a href="https://github.com/advisories/GHSA-4xcv-9jjx-gfj3">https://github.com/advisories/GHSA-4xcv-9jjx-gfj3</a><br><a href="https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b">https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b</a><br><a href="https://snyk.io/vuln/npm:mem:20180117">https://snyk.io/vuln/npm:mem:20180117</a><br><a href="https://www.npmjs.com/advisories/1084">https://www.npmjs.com/advisories/1084</a><br></details> |
| minimist | CVE-2020-7598 | MEDIUM | 0.0.8 | 1.2.3, 0.2.1 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html">http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html</a><br><a href="https://github.com/advisories/GHSA-vh95-rmgr-6w4m">https://github.com/advisories/GHSA-vh95-rmgr-6w4m</a><br><a href="https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab">https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab</a><br><a href="https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95">https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95</a><br><a href="https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94">https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7598.html">https://linux.oracle.com/cve/CVE-2020-7598.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-2852.html">https://linux.oracle.com/errata/ELSA-2020-2852.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7598">https://nvd.nist.gov/vuln/detail/CVE-2020-7598</a><br><a href="https://snyk.io/vuln/SNYK-JS-MINIMIST-559764">https://snyk.io/vuln/SNYK-JS-MINIMIST-559764</a><br><a href="https://www.npmjs.com/advisories/1179">https://www.npmjs.com/advisories/1179</a><br></details> |
| minimist | CVE-2020-7598 | MEDIUM | 1.2.0 | 1.2.3, 0.2.1 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html">http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html</a><br><a href="https://github.com/advisories/GHSA-vh95-rmgr-6w4m">https://github.com/advisories/GHSA-vh95-rmgr-6w4m</a><br><a href="https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab">https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab</a><br><a href="https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95">https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95</a><br><a href="https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94">https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7598.html">https://linux.oracle.com/cve/CVE-2020-7598.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-2852.html">https://linux.oracle.com/errata/ELSA-2020-2852.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7598">https://nvd.nist.gov/vuln/detail/CVE-2020-7598</a><br><a href="https://snyk.io/vuln/SNYK-JS-MINIMIST-559764">https://snyk.io/vuln/SNYK-JS-MINIMIST-559764</a><br><a href="https://www.npmjs.com/advisories/1179">https://www.npmjs.com/advisories/1179</a><br></details> |
| mixin-deep | CVE-2019-10746 | CRITICAL | 1.3.1 | 2.0.1, 1.3.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-fhjf-83wg-r2j9">https://github.com/advisories/GHSA-fhjf-83wg-r2j9</a><br><a href="https://linux.oracle.com/cve/CVE-2019-10746.html">https://linux.oracle.com/cve/CVE-2019-10746.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0549.html">https://linux.oracle.com/errata/ELSA-2021-0549.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10746">https://nvd.nist.gov/vuln/detail/CVE-2019-10746</a><br><a href="https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212">https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212</a><br><a href="https://www.npmjs.com/advisories/1013">https://www.npmjs.com/advisories/1013</a><br></details> |
| node-forge | CVE-2020-7720 | HIGH | 0.7.5 | 0.10.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-92xj-mqp7-vmcj">https://github.com/advisories/GHSA-92xj-mqp7-vmcj</a><br><a href="https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md">https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md</a><br><a href="https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed">https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7720">https://nvd.nist.gov/vuln/detail/CVE-2020-7720</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293</a><br><a href="https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677">https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677</a><br></details> |
| node-forge | CVE-2022-0122 | MEDIUM | 0.7.5 | 1.0.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-8fr3-hfg3-gpgp">https://github.com/advisories/GHSA-8fr3-hfg3-gpgp</a><br><a href="https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e">https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e</a><br><a href="https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae">https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0122">https://nvd.nist.gov/vuln/detail/CVE-2022-0122</a><br></details> |
| node-forge | GHSA-5rrq-pxf6-6jx5 | LOW | 0.7.5 | 1.0.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-5rrq-pxf6-6jx5">https://github.com/advisories/GHSA-5rrq-pxf6-6jx5</a><br><a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5">https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5</a><br></details> |
| node-forge | GHSA-gf8q-jrpm-jvxq | LOW | 0.7.5 | 1.0.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-gf8q-jrpm-jvxq">https://github.com/advisories/GHSA-gf8q-jrpm-jvxq</a><br><a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq">https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq</a><br></details> |
| node-forge | GHSA-wxgw-qj99-44c2 | LOW | 0.7.5 | 0.10.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-wxgw-qj99-44c2">https://github.com/advisories/GHSA-wxgw-qj99-44c2</a><br><a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2">https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2</a><br></details> |
| node-notifier | CVE-2020-7789 | MEDIUM | 5.4.0 | 8.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-5fw9-fq32-wv5p">https://github.com/advisories/GHSA-5fw9-fq32-wv5p</a><br><a href="https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303">https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303</a><br><a href="https://github.com/mikaelbr/node-notifier/commit/5d62799dab88505a709cd032653b2320c5813fce">https://github.com/mikaelbr/node-notifier/commit/5d62799dab88505a709cd032653b2320c5813fce</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7789">https://nvd.nist.gov/vuln/detail/CVE-2020-7789</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371</a><br><a href="https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794">https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794</a><br></details> |
| nth-check | CVE-2021-3803 | HIGH | 1.0.2 | 2.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-rp65-9cf3-cjxr">https://github.com/advisories/GHSA-rp65-9cf3-cjxr</a><br><a href="https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726">https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726</a><br><a href="https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0">https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3803">https://nvd.nist.gov/vuln/detail/CVE-2021-3803</a><br></details> |
| object-path | CVE-2020-15256 | CRITICAL | 0.9.2 | 0.11.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-cwx2-736x-mf6w">https://github.com/advisories/GHSA-cwx2-736x-mf6w</a><br><a href="https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68">https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68</a><br><a href="https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w">https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-15256">https://nvd.nist.gov/vuln/detail/CVE-2020-15256</a><br></details> |
| object-path | CVE-2021-23434 | HIGH | 0.9.2 | 0.11.6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434</a><br><a href="https://github.com/advisories/GHSA-v39p-96qg-c8rf">https://github.com/advisories/GHSA-v39p-96qg-c8rf</a><br><a href="https://github.com/mariocasciaro/object-path#0116">https://github.com/mariocasciaro/object-path#0116</a><br><a href="https://github.com/mariocasciaro/object-path%230116">https://github.com/mariocasciaro/object-path%230116</a><br><a href="https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb">https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23434">https://nvd.nist.gov/vuln/detail/CVE-2021-23434</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423</a><br><a href="https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453">https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453</a><br></details> |
| object-path | CVE-2021-3805 | HIGH | 0.9.2 | 0.11.8 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-8v63-cqqc-6r2c">https://github.com/advisories/GHSA-8v63-cqqc-6r2c</a><br><a href="https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6">https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6</a><br><a href="https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053">https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3805">https://nvd.nist.gov/vuln/detail/CVE-2021-3805</a><br></details> |
| path-parse | CVE-2021-23343 | HIGH | 1.0.6 | 1.0.7 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-hj48-42vr-x3v9">https://github.com/advisories/GHSA-hj48-42vr-x3v9</a><br><a href="https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7">https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7</a><br><a href="https://github.com/jbgutierrez/path-parse/issues/8">https://github.com/jbgutierrez/path-parse/issues/8</a><br><a href="https://github.com/jbgutierrez/path-parse/pull/10">https://github.com/jbgutierrez/path-parse/pull/10</a><br><a href="https://linux.oracle.com/cve/CVE-2021-23343.html">https://linux.oracle.com/cve/CVE-2021-23343.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3666.html">https://linux.oracle.com/errata/ELSA-2021-3666.html</a><br><a href="https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E">https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23343">https://nvd.nist.gov/vuln/detail/CVE-2021-23343</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028</a><br><a href="https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067">https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067</a><br></details> |
| postcss | CVE-2021-23382 | MEDIUM | 6.0.23 | 8.2.13 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-566m-qj78-rww5">https://github.com/advisories/GHSA-566m-qj78-rww5</a><br><a href="https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956">https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23382">https://nvd.nist.gov/vuln/detail/CVE-2021-23382</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641</a><br><a href="https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640">https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640</a><br></details> |
| postcss | CVE-2021-23368 | MEDIUM | 7.0.14 | 8.2.10, 7.0.36 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368</a><br><a href="https://github.com/advisories/GHSA-hwj9-h5mp-3pm3">https://github.com/advisories/GHSA-hwj9-h5mp-3pm3</a><br><a href="https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734">https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734</a><br><a href="https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4">https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4</a><br><a href="https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5">https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5</a><br><a href="https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E">https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E">https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E">https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E">https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E">https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E">https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23368">https://nvd.nist.gov/vuln/detail/CVE-2021-23368</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795</a><br><a href="https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595">https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595</a><br></details> |
| postcss | CVE-2021-23382 | MEDIUM | 7.0.14 | 8.2.13 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-566m-qj78-rww5">https://github.com/advisories/GHSA-566m-qj78-rww5</a><br><a href="https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956">https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23382">https://nvd.nist.gov/vuln/detail/CVE-2021-23382</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641</a><br><a href="https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640">https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640</a><br></details> |
| serialize-javascript | CVE-2020-7660 | HIGH | 1.6.1 | 3.1.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-hxcc-f52p-wc94">https://github.com/advisories/GHSA-hxcc-f52p-wc94</a><br><a href="https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd">https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7660">https://nvd.nist.gov/vuln/detail/CVE-2020-7660</a><br></details> |
| serialize-javascript | CVE-2019-16769 | MEDIUM | 1.6.1 | 2.1.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-h9rv-jmmf-4pgx">https://github.com/advisories/GHSA-h9rv-jmmf-4pgx</a><br><a href="https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx">https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16769">https://nvd.nist.gov/vuln/detail/CVE-2019-16769</a><br><a href="https://www.npmjs.com/advisories/1426">https://www.npmjs.com/advisories/1426</a><br></details> |
| set-value | CVE-2019-10747 | CRITICAL | 0.4.3 | 3.0.1, 2.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-4g88-fppr-53pp">https://github.com/advisories/GHSA-4g88-fppr-53pp</a><br><a href="https://linux.oracle.com/cve/CVE-2019-10747.html">https://linux.oracle.com/cve/CVE-2019-10747.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0549.html">https://linux.oracle.com/errata/ELSA-2021-0549.html</a><br><a href="https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E">https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10747">https://nvd.nist.gov/vuln/detail/CVE-2019-10747</a><br><a href="https://snyk.io/vuln/SNYK-JS-SETVALUE-450213">https://snyk.io/vuln/SNYK-JS-SETVALUE-450213</a><br><a href="https://www.npmjs.com/advisories/1012">https://www.npmjs.com/advisories/1012</a><br></details> |
| set-value | CVE-2021-23440 | CRITICAL | 0.4.3 | 2.0.1, 4.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-4jqc-8m5r-9rpr">https://github.com/advisories/GHSA-4jqc-8m5r-9rpr</a><br><a href="https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452">https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452</a><br><a href="https://github.com/jonschlinkert/set-value/pull/33">https://github.com/jonschlinkert/set-value/pull/33</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23440">https://nvd.nist.gov/vuln/detail/CVE-2021-23440</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212</a><br><a href="https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541">https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541</a><br><a href="https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/">https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/</a><br></details> |
| set-value | CVE-2019-10747 | CRITICAL | 2.0.0 | 3.0.1, 2.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-4g88-fppr-53pp">https://github.com/advisories/GHSA-4g88-fppr-53pp</a><br><a href="https://linux.oracle.com/cve/CVE-2019-10747.html">https://linux.oracle.com/cve/CVE-2019-10747.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0549.html">https://linux.oracle.com/errata/ELSA-2021-0549.html</a><br><a href="https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E">https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10747">https://nvd.nist.gov/vuln/detail/CVE-2019-10747</a><br><a href="https://snyk.io/vuln/SNYK-JS-SETVALUE-450213">https://snyk.io/vuln/SNYK-JS-SETVALUE-450213</a><br><a href="https://www.npmjs.com/advisories/1012">https://www.npmjs.com/advisories/1012</a><br></details> |
| set-value | CVE-2021-23440 | CRITICAL | 2.0.0 | 2.0.1, 4.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-4jqc-8m5r-9rpr">https://github.com/advisories/GHSA-4jqc-8m5r-9rpr</a><br><a href="https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452">https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452</a><br><a href="https://github.com/jonschlinkert/set-value/pull/33">https://github.com/jonschlinkert/set-value/pull/33</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23440">https://nvd.nist.gov/vuln/detail/CVE-2021-23440</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212</a><br><a href="https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541">https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541</a><br><a href="https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/">https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/</a><br></details> |
| sockjs | CVE-2020-7693 | MEDIUM | 0.3.19 | 0.3.20 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-c9g6-9335-x697">https://github.com/advisories/GHSA-c9g6-9335-x697</a><br><a href="https://github.com/andsnw/sockjs-dos-py">https://github.com/andsnw/sockjs-dos-py</a><br><a href="https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16">https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16</a><br><a href="https://github.com/sockjs/sockjs-node/issues/252">https://github.com/sockjs/sockjs-node/issues/252</a><br><a href="https://github.com/sockjs/sockjs-node/pull/265">https://github.com/sockjs/sockjs-node/pull/265</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7693">https://nvd.nist.gov/vuln/detail/CVE-2020-7693</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448</a><br><a href="https://snyk.io/vuln/SNYK-JS-SOCKJS-575261">https://snyk.io/vuln/SNYK-JS-SOCKJS-575261</a><br><a href="https://www.npmjs.com/package/sockjs">https://www.npmjs.com/package/sockjs</a><br></details> |
| ssri | CVE-2021-27290 | HIGH | 6.0.1 | 8.0.1, 7.1.1, 6.0.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290</a><br><a href="https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf">https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf</a><br><a href="https://github.com/advisories/GHSA-vx3p-948g-6vhq">https://github.com/advisories/GHSA-vx3p-948g-6vhq</a><br><a href="https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2">https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2</a><br><a href="https://github.com/npm/ssri/commit/b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1">https://github.com/npm/ssri/commit/b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1</a><br><a href="https://github.com/npm/ssri/pull/20#issuecomment-842677644">https://github.com/npm/ssri/pull/20#issuecomment-842677644</a><br><a href="https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf">https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf</a><br><a href="https://linux.oracle.com/cve/CVE-2021-27290.html">https://linux.oracle.com/cve/CVE-2021-27290.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3074.html">https://linux.oracle.com/errata/ELSA-2021-3074.html</a><br><a href="https://npmjs.com">https://npmjs.com</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27290">https://nvd.nist.gov/vuln/detail/CVE-2021-27290</a><br><a href="https://www.npmjs.com/package/ssri">https://www.npmjs.com/package/ssri</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| tar | CVE-2021-32803 | HIGH | 4.4.8 | 6.1.2, 5.0.7, 4.4.15, 3.2.3 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-r628-mhmh-qjhw">https://github.com/advisories/GHSA-r628-mhmh-qjhw</a><br><a href="https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20">https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20</a><br><a href="https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw">https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw</a><br><a href="https://linux.oracle.com/cve/CVE-2021-32803.html">https://linux.oracle.com/cve/CVE-2021-32803.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3666.html">https://linux.oracle.com/errata/ELSA-2021-3666.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-32803">https://nvd.nist.gov/vuln/detail/CVE-2021-32803</a><br><a href="https://www.npmjs.com/advisories/1771">https://www.npmjs.com/advisories/1771</a><br><a href="https://www.npmjs.com/package/tar">https://www.npmjs.com/package/tar</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| tar | CVE-2021-32804 | HIGH | 4.4.8 | 6.1.1, 5.0.6, 4.4.14, 3.2.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-3jfq-g458-7qm9">https://github.com/advisories/GHSA-3jfq-g458-7qm9</a><br><a href="https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4">https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4</a><br><a href="https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9">https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9</a><br><a href="https://linux.oracle.com/cve/CVE-2021-32804.html">https://linux.oracle.com/cve/CVE-2021-32804.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3666.html">https://linux.oracle.com/errata/ELSA-2021-3666.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-32804">https://nvd.nist.gov/vuln/detail/CVE-2021-32804</a><br><a href="https://www.npmjs.com/advisories/1770">https://www.npmjs.com/advisories/1770</a><br><a href="https://www.npmjs.com/package/tar">https://www.npmjs.com/package/tar</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| tar | CVE-2021-37701 | HIGH | 4.4.8 | 6.1.7, 5.0.8, 4.4.16 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-9r2w-394v-53qc">https://github.com/advisories/GHSA-9r2w-394v-53qc</a><br><a href="https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc">https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-37701">https://nvd.nist.gov/vuln/detail/CVE-2021-37701</a><br><a href="https://www.debian.org/security/2021/dsa-5008">https://www.debian.org/security/2021/dsa-5008</a><br><a href="https://www.npmjs.com/advisories/1779">https://www.npmjs.com/advisories/1779</a><br><a href="https://www.npmjs.com/package/tar">https://www.npmjs.com/package/tar</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| tar | CVE-2021-37712 | HIGH | 4.4.8 | 6.1.9, 5.0.10, 4.4.18 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-qq89-hq3f-393p">https://github.com/advisories/GHSA-qq89-hq3f-393p</a><br><a href="https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p">https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-37712">https://nvd.nist.gov/vuln/detail/CVE-2021-37712</a><br><a href="https://www.debian.org/security/2021/dsa-5008">https://www.debian.org/security/2021/dsa-5008</a><br><a href="https://www.npmjs.com/advisories/1780">https://www.npmjs.com/advisories/1780</a><br><a href="https://www.npmjs.com/package/tar">https://www.npmjs.com/package/tar</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| tar | CVE-2021-37713 | HIGH | 4.4.8 | 6.1.9, 5.0.10, 4.4.18 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-5955-9wpr-37jh">https://github.com/advisories/GHSA-5955-9wpr-37jh</a><br><a href="https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh">https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-37713">https://nvd.nist.gov/vuln/detail/CVE-2021-37713</a><br><a href="https://www.npmjs.com/package/tar">https://www.npmjs.com/package/tar</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| url-parse | CVE-2020-8124 | MEDIUM | 1.4.4 | 1.4.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-46c4-8wrp-j99v">https://github.com/advisories/GHSA-46c4-8wrp-j99v</a><br><a href="https://hackerone.com/reports/496293">https://hackerone.com/reports/496293</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8124">https://nvd.nist.gov/vuln/detail/CVE-2020-8124</a><br></details> |
| url-parse | CVE-2021-27515 | MEDIUM | 1.4.4 | 1.5.0 | <details><summary>Expand...</summary><a href="https://advisory.checkmarx.net/advisory/CX-2021-4306">https://advisory.checkmarx.net/advisory/CX-2021-4306</a><br><a href="https://github.com/advisories/GHSA-9m6j-fcg5-2442">https://github.com/advisories/GHSA-9m6j-fcg5-2442</a><br><a href="https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0">https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0</a><br><a href="https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0">https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0</a><br><a href="https://github.com/unshiftio/url-parse/pull/197">https://github.com/unshiftio/url-parse/pull/197</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27515">https://nvd.nist.gov/vuln/detail/CVE-2021-27515</a><br></details> |
| url-parse | CVE-2021-3664 | MEDIUM | 1.4.4 | 1.5.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-hh27-ffr2-f2jc">https://github.com/advisories/GHSA-hh27-ffr2-f2jc</a><br><a href="https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0">https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0</a><br><a href="https://github.com/unshiftio/url-parse/issues/205">https://github.com/unshiftio/url-parse/issues/205</a><br><a href="https://github.com/unshiftio/url-parse/issues/206">https://github.com/unshiftio/url-parse/issues/206</a><br><a href="https://huntr.dev/bounties/1625557993985-unshiftio/url-parse">https://huntr.dev/bounties/1625557993985-unshiftio/url-parse</a><br><a href="https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/">https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3664">https://nvd.nist.gov/vuln/detail/CVE-2021-3664</a><br></details> |
| websocket-extensions | CVE-2020-7662 | HIGH | 0.1.3 | 0.1.4 | <details><summary>Expand...</summary><a href="https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions">https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions</a><br><a href="https://github.com/advisories/GHSA-g78m-2chm-r7qv">https://github.com/advisories/GHSA-g78m-2chm-r7qv</a><br><a href="https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237">https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237</a><br><a href="https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv">https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7662">https://nvd.nist.gov/vuln/detail/CVE-2020-7662</a><br><a href="https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623">https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623</a><br></details> |
| y18n | CVE-2020-7774 | HIGH | 3.2.1 | 5.0.5, 4.0.1, 3.2.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-c4w7-xm78-47vh">https://github.com/advisories/GHSA-c4w7-xm78-47vh</a><br><a href="https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25">https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25</a><br><a href="https://github.com/yargs/y18n/issues/96">https://github.com/yargs/y18n/issues/96</a><br><a href="https://github.com/yargs/y18n/pull/108">https://github.com/yargs/y18n/pull/108</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7774.html">https://linux.oracle.com/cve/CVE-2020-7774.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0551.html">https://linux.oracle.com/errata/ELSA-2021-0551.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7774">https://nvd.nist.gov/vuln/detail/CVE-2020-7774</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306</a><br><a href="https://snyk.io/vuln/SNYK-JS-Y18N-1021887">https://snyk.io/vuln/SNYK-JS-Y18N-1021887</a><br><a href="https://www.oracle.com/security-alerts/cpuApr2021.html">https://www.oracle.com/security-alerts/cpuApr2021.html</a><br></details> |
| y18n | CVE-2020-7774 | HIGH | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-c4w7-xm78-47vh">https://github.com/advisories/GHSA-c4w7-xm78-47vh</a><br><a href="https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25">https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25</a><br><a href="https://github.com/yargs/y18n/issues/96">https://github.com/yargs/y18n/issues/96</a><br><a href="https://github.com/yargs/y18n/pull/108">https://github.com/yargs/y18n/pull/108</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7774.html">https://linux.oracle.com/cve/CVE-2020-7774.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0551.html">https://linux.oracle.com/errata/ELSA-2021-0551.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7774">https://nvd.nist.gov/vuln/detail/CVE-2020-7774</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306</a><br><a href="https://snyk.io/vuln/SNYK-JS-Y18N-1021887">https://snyk.io/vuln/SNYK-JS-Y18N-1021887</a><br><a href="https://www.oracle.com/security-alerts/cpuApr2021.html">https://www.oracle.com/security-alerts/cpuApr2021.html</a><br></details> |
| yargs-parser | CVE-2020-7608 | MEDIUM | 10.1.0 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-p9pc-299p-vxgp">https://github.com/advisories/GHSA-p9pc-299p-vxgp</a><br><a href="https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2">https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7608.html">https://linux.oracle.com/cve/CVE-2020-7608.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0548.html">https://linux.oracle.com/errata/ELSA-2021-0548.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7608">https://nvd.nist.gov/vuln/detail/CVE-2020-7608</a><br><a href="https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381">https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381</a><br><a href="https://www.npmjs.com/advisories/1500">https://www.npmjs.com/advisories/1500</a><br></details> |
| yargs-parser | CVE-2020-7608 | MEDIUM | 11.1.1 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-p9pc-299p-vxgp">https://github.com/advisories/GHSA-p9pc-299p-vxgp</a><br><a href="https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2">https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7608.html">https://linux.oracle.com/cve/CVE-2020-7608.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0548.html">https://linux.oracle.com/errata/ELSA-2021-0548.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7608">https://nvd.nist.gov/vuln/detail/CVE-2020-7608</a><br><a href="https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381">https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381</a><br><a href="https://www.npmjs.com/advisories/1500">https://www.npmjs.com/advisories/1500</a><br></details> |
| yargs-parser | CVE-2020-7608 | MEDIUM | 7.0.0 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-p9pc-299p-vxgp">https://github.com/advisories/GHSA-p9pc-299p-vxgp</a><br><a href="https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2">https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7608.html">https://linux.oracle.com/cve/CVE-2020-7608.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0548.html">https://linux.oracle.com/errata/ELSA-2021-0548.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7608">https://nvd.nist.gov/vuln/detail/CVE-2020-7608</a><br><a href="https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381">https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381</a><br><a href="https://www.npmjs.com/advisories/1500">https://www.npmjs.com/advisories/1500</a><br></details> |

**composer**

| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| symfony/cache | CVE-2019-18889 | CRITICAL | v4.2.3 | 3.3.0, 3.4.0, 3.4.35, 4.1.0, 4.2.0, 4.2.12, 4.3.8, 3.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml</a><br><a href="https://github.com/advisories/GHSA-79gr-58r3-pwm3">https://github.com/advisories/GHSA-79gr-58r3-pwm3</a><br><a href="https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a">https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a</a><br><a href="https://github.com/symfony/symfony/releases/tag/v4.3.8">https://github.com/symfony/symfony/releases/tag/v4.3.8</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-18889">https://nvd.nist.gov/vuln/detail/CVE-2019-18889</a><br><a href="https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances">https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances</a><br><a href="https://symfony.com/blog/symfony-4-3-8-released">https://symfony.com/blog/symfony-4-3-8-released</a><br><a href="https://symfony.com/cve-2019-18889">https://symfony.com/cve-2019-18889</a><br></details> |
| symfony/cache | CVE-2019-10912 | HIGH | v4.2.3 | 3.4.0, 3.4.26, 4.1.0, 4.1.12, 4.2.7, 3.2.0, 3.3.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml</a><br><a href="https://github.com/advisories/GHSA-w2fr-65vp-mxw3">https://github.com/advisories/GHSA-w2fr-65vp-mxw3</a><br><a href="https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b">https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10912">https://nvd.nist.gov/vuln/detail/CVE-2019-10912</a><br><a href="https://seclists.org/bugtraq/2019/May/21">https://seclists.org/bugtraq/2019/May/21</a><br><a href="https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized">https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized</a><br><a href="https://symfony.com/cve-2019-10912">https://symfony.com/cve-2019-10912</a><br><a href="https://typo3.org/security/advisory/typo3-core-sa-2019-016">https://typo3.org/security/advisory/typo3-core-sa-2019-016</a><br><a href="https://typo3.org/security/advisory/typo3-core-sa-2019-016/">https://typo3.org/security/advisory/typo3-core-sa-2019-016/</a><br><a href="https://www.debian.org/security/2019/dsa-4441">https://www.debian.org/security/2019/dsa-4441</a><br></details> |
| symfony/dependency-injection | CVE-2019-10910 | CRITICAL | v4.2.4 | 4.2.7, 2.7.51, 2.8.50, 3.4.26, 4.1.0, 4.1.12, 3.1.0, 3.2.0, 3.3.0, 3.4.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml</a><br><a href="https://github.com/advisories/GHSA-pgwj-prpq-jpc2">https://github.com/advisories/GHSA-pgwj-prpq-jpc2</a><br><a href="https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b">https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10910">https://nvd.nist.gov/vuln/detail/CVE-2019-10910</a><br><a href="https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid">https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid</a><br><a href="https://symfony.com/cve-2019-10910">https://symfony.com/cve-2019-10910</a><br><a href="https://www.drupal.org/SA-CORE-2019-005">https://www.drupal.org/SA-CORE-2019-005</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_19">https://www.synology.com/security/advisory/Synology_SA_19_19</a><br></details> |
| symfony/framework-bundle | CVE-2019-10909 | MEDIUM | v4.2.3 | 3.4.26, 4.1.0, 3.1.0, 3.3.0, 3.2.0, 3.4.0, 4.1.12, 4.2.7, 2.7.51, 2.8.50 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml</a><br><a href="https://github.com/advisories/GHSA-g996-q5r8-w7g2">https://github.com/advisories/GHSA-g996-q5r8-w7g2</a><br><a href="https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2">https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10909">https://nvd.nist.gov/vuln/detail/CVE-2019-10909</a><br><a href="https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine">https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine</a><br><a href="https://symfony.com/cve-2019-10909">https://symfony.com/cve-2019-10909</a><br><a href="https://www.drupal.org/SA-CORE-2019-005">https://www.drupal.org/SA-CORE-2019-005</a><br><a href="https://www.drupal.org/sa-core-2019-005">https://www.drupal.org/sa-core-2019-005</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_19">https://www.synology.com/security/advisory/Synology_SA_19_19</a><br></details> |
| symfony/http-foundation | CVE-2019-10913 | CRITICAL | v4.2.4 | 4.1.12, 4.2.7, 2.7.51, 4.1.0, 3.2.0, 3.3.0, 3.4.0, 3.4.26, 2.8.50, 3.1.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml</a><br><a href="https://github.com/advisories/GHSA-x92h-wmg2-6hp7">https://github.com/advisories/GHSA-x92h-wmg2-6hp7</a><br><a href="https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec">https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10913">https://nvd.nist.gov/vuln/detail/CVE-2019-10913</a><br><a href="https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides">https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides</a><br><a href="https://symfony.com/cve-2019-10913">https://symfony.com/cve-2019-10913</a><br></details> |
| symfony/http-foundation | CVE-2019-18888 | HIGH | v4.2.4 | 2.1.0, 2.2.0, 4.3.8, 2.5.0, 2.6.0, 2.7.0, 3.4.0, 4.2.12, 2.3.0, 2.4.0, 3.1.0, 3.3.0, 3.4.35, 4.1.0, 2.8.0, 2.8.52, 3.2.0, 4.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml</a><br><a href="https://github.com/advisories/GHSA-xhh6-956q-4q69">https://github.com/advisories/GHSA-xhh6-956q-4q69</a><br><a href="https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365">https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365</a><br><a href="https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5">https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5</a><br><a href="https://github.com/symfony/symfony/releases/tag/v4.3.8">https://github.com/symfony/symfony/releases/tag/v4.3.8</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-18888">https://nvd.nist.gov/vuln/detail/CVE-2019-18888</a><br><a href="https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser">https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser</a><br><a href="https://symfony.com/blog/symfony-4-3-8-released">https://symfony.com/blog/symfony-4-3-8-released</a><br><a href="https://symfony.com/cve-2019-18888">https://symfony.com/cve-2019-18888</a><br></details> |
| symfony/http-kernel | CVE-2019-18887 | HIGH | v4.2.4 | 2.8.52, 4.1.0, 4.2.12, 3.1.0, 3.2.0, 3.4.0, 3.4.35, 2.4.0, 2.7.0, 2.8.0, 3.3.0, 4.3.8, 2.3.0, 2.5.0, 2.6.0, 4.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887</a><br><a href="https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb">https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb</a><br><a href="https://github.com/symfony/symfony/releases/tag/v4.3.8">https://github.com/symfony/symfony/releases/tag/v4.3.8</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/</a><br><a href="https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner">https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner</a><br><a href="https://symfony.com/blog/symfony-4-3-8-released">https://symfony.com/blog/symfony-4-3-8-released</a><br><a href="https://symfony.com/cve-2019-18887">https://symfony.com/cve-2019-18887</a><br></details> |
| symfony/var-exporter | CVE-2019-11325 | CRITICAL | v4.2.3 | 4.2.12, 4.3.8 | <details><summary>Expand...</summary><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml</a><br><a href="https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml">https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml</a><br><a href="https://github.com/advisories/GHSA-w4rc-rx25-8m86">https://github.com/advisories/GHSA-w4rc-rx25-8m86</a><br><a href="https://github.com/symfony/symfony/releases/tag/v4.3.8">https://github.com/symfony/symfony/releases/tag/v4.3.8</a><br><a href="https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3">https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11325">https://nvd.nist.gov/vuln/detail/CVE-2019-11325</a><br><a href="https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter">https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter</a><br><a href="https://symfony.com/blog/symfony-4-3-8-released">https://symfony.com/blog/symfony-4-3-8-released</a><br><a href="https://symfony.com/cve-2019-11325">https://symfony.com/cve-2019-11325</a><br></details> |
| twig/twig | CVE-2019-9942 | LOW | v2.6.2 | 1.38.0, 2.7.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9942">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9942</a><br><a href="https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077">https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077</a><br><a href="https://seclists.org/bugtraq/2019/Mar/60">https://seclists.org/bugtraq/2019/Mar/60</a><br><a href="https://symfony.com/blog/twig-sandbox-information-disclosure">https://symfony.com/blog/twig-sandbox-information-disclosure</a><br><a href="https://www.debian.org/security/2019/dsa-4419">https://www.debian.org/security/2019/dsa-4419</a><br></details> |