devtron-labs / devtron Goto Github PK

Vulnerable Library - gopkg.in/yaml.v2-v2.2.4

YAML support for the Go language.

Dependency Hierarchy:

• github.com/ghodss/yaml-v1.0.0 (Root Library)
  • ❌ gopkg.in/yaml.v2-v2.2.4 (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

Publish Date: 2020-04-01

URL: CVE-2019-11254

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://github.com/go-yaml/yaml/tree/v2.2.8

Release Date: 2020-04-01

Fix Resolution: v2.2.8

Vulnerable Libraries - github.com/argoproj/argo-cd/util/session-v1.2.3, github.com/argoproj/argo-cd/util-v1.2.3

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.

Publish Date: 2020-04-08

URL: CVE-2020-11576

CVSS 3 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11576

Release Date: 2020-04-08

Fix Resolution: v1.5.1

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/superagent/docs/tail.html

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/superagent/docs/tail.html

Dependency Hierarchy:

• ❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Vulnerable Library - y18n-4.0.0.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/package.json

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/y18n/package.json

Dependency Hierarchy:

• copy-webpack-plugin-4.6.0.tgz (Root Library)
  • cacache-10.0.4.tgz
    • ❌ y18n-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

This affects the package y18n before 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('proto'); y18n.updateLocale({polluted: true}); console.log(polluted); // true

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (7.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774

Release Date: 2020-11-17

Fix Resolution: 5.0.5

Vulnerable Libraries - opennmsopennms-source-26.0.0-1, node-sass-4.14.1.tgz

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.6.0

Vulnerable Library - pathval-0.1.1.tgz

Object value retrieval given a string path

Library home page: https://registry.npmjs.org/pathval/-/pathval-0.1.1.tgz

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/package.json

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/pathval/package.json

Dependency Hierarchy:

• jscs-3.0.7.tgz (Root Library)
  • ❌ pathval-0.1.1.tgz (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

This affects all versions of package pathval.

Publish Date: 2020-10-26

URL: CVE-2020-7751

CVSS 3 Score Details (7.2)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Vulnerable Libraries - k8s.io/apimachinery/pkg/runtime/serializer/json-kubernetes-1.14.6, k8s.io/apimachinery/pkg/runtime-kubernetes-1.14.6, k8s.io/apimachinery/pkg/runtime/serializer-kubernetes-1.14.6, k8s.io/apimachinery/pkg/util/json-kubernetes-1.14.6

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

Publish Date: 2019-10-17

URL: CVE-2019-11253

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: kubernetes/kubernetes#83253

Release Date: 2019-10-17

Fix Resolution: v1.13.12;v1.14.8;v1.15.5;v1.16.2

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/package.json

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/jsdoctypeparser/node_modules/lodash/package.json,devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/jscs/node_modules/lodash/package.json,devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/xmlbuilder/node_modules/lodash/package.json

Dependency Hierarchy:

• jscs-3.0.7.tgz (Root Library)
  • ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Publish Date: 2019-07-26

URL: CVE-2019-10744

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-jf85-cpcp-j695

Release Date: 2019-07-08

Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0

Vulnerable Library - github.com/dgrijalva/jwt-go-v3.2.0

Golang implementation of JSON Web Tokens (JWT)

Dependency Hierarchy:

• ❌ github.com/dgrijalva/jwt-go-v3.2.0 (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

Publish Date: 2020-09-30

URL: CVE-2020-26160

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Vulnerable Libraries - opennmsopennms-source-26.0.0-1, node-sass-4.14.1.tgz

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: LibSass - 3.6.0

Vulnerable Libraries - github.com/argoproj/argo-cd/util/session-v1.2.3, github.com/argoproj/argo-cd/util-v1.2.3, github.com/argoproj/argo-cd/common-v1.2.3

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.

Publish Date: 2020-04-08

URL: CVE-2020-8828

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8828

Release Date: 2020-04-08

Fix Resolution: v1.5.0-rc3

Vulnerable Libraries - node-sass-4.14.1.tgz, CSS::Sassv3.4.11

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Release Date: 2018-12-04

Fix Resolution: Libsass:3.6.0

Vulnerable Libraries - k8s.io/client-go/kubernetes/typed/authorization/v1beta1-kubernetes-1.14.6, k8s.io/client-go/tools/remotecommand-kubernetes-1.14.6, k8s.io/client-go/util/keyutil-kubernetes-1.14.6, k8s.io/client-go/kubernetes/typed/node/v1beta1-kubernetes-1.14.6, k8s.io/client-go/util/connrotation-kubernetes-1.14.6, k8s.io/client-go/pkg/version-kubernetes-1.14.6, k8s.io/client-go/kubernetes/typed/networking/v1beta1-kubernetes-1.14.6, k8s.io/client-go/transport-kubernetes-1.14.6, k8s.io/client-go/tools/pager-kubernetes-1.14.6, k8s.io/client-go/discovery-kubernetes-1.14.6, k8s.io/client-go/kubernetes/typed/networking/v1-kubernetes-1.14.6, k8s.io/client-go/dynamic-kubernetes-1.14.6, k8s.io/client-go/kubernetes/typed/node/v1alpha1-kubernetes-1.14.6, k8s.io/client-go/kubernetes/typed/authorization/v1-kubernetes-1.14.6

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.

Publish Date: 2019-08-29

URL: CVE-2019-11250

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250

Release Date: 2019-08-29

Fix Resolution: 1.16.0

Vulnerable Library - utile-0.2.1.tgz

A drop-in replacement for `util` with some additional advantageous functions

Library home page: https://registry.npmjs.org/utile/-/utile-0.2.1.tgz

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/package.json

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/utile/package.json

Dependency Hierarchy:

• jscs-3.0.7.tgz (Root Library)
  • prompt-0.2.14.tgz
    • ❌ utile-0.2.1.tgz (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

utile allocates uninitialized Buffers when number is passed in input.
Before version 0.3.0

Publish Date: 2018-07-16

URL: WS-2018-0148

CVSS 2 Score Details (1.8)

Base Score Metrics not available

Vulnerable Libraries - github.com/argoproj/argo-cd/util/session-v1.2.3, github.com/argoproj/argo-cd/util-v1.2.3, github.com/argoproj/argo-cd/common-v1.2.3, github.com/argoproj/argo-cd/util/settings-v1.2.3

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.

Publish Date: 2020-04-08

URL: CVE-2020-8826

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8826

Release Date: 2020-04-08

Fix Resolution: v1.5.0-rc1

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/package.json

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/jsdoctypeparser/node_modules/lodash/package.json,devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/jscs/node_modules/lodash/package.json,devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/xmlbuilder/node_modules/lodash/package.json

Dependency Hierarchy:

• jscs-3.0.7.tgz (Root Library)
  • ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.4)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1523

Release Date: 2020-07-23

Fix Resolution: lodash - 4.17.19

Vulnerable Library - opennmsopennms-source-26.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerable Source Files (1)

devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/node-sass/src/libsass/src/parser.cpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: LibSass - 3.6.0

Vulnerable Library - serialize-javascript-1.9.1.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz

Path to dependency file: devtron/vendor/github.com/argoproj/argo-cd/ui/package.json

Path to vulnerable library: devtron/vendor/github.com/argoproj/argo-cd/ui/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

• copy-webpack-plugin-4.6.0.tgz (Root Library)
  • ❌ serialize-javascript-1.9.1.tgz (Vulnerable Library)

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

Publish Date: 2019-12-05

URL: CVE-2019-16769

CVSS 3 Score Details (5.4)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769

Release Date: 2019-12-05

Fix Resolution: v2.1.1

Vulnerable Libraries - opennmsopennms-source-26.0.0-1, node-sass-4.14.1.tgz

Found in HEAD commit: f7db3d4b83b1d3b0008f56e9a649b36ed2ae830d

Found in base branch: main

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-11698

Release Date: 2018-06-04

Fix Resolution: Libsass-3.6.0