Telefonica Evolved5g InfolysisNetApp
Evolved5G edited this page Nov 21, 2023 · 27 revisions

Severity | Number of vulnerabilities |
---|---|
HIGH | 27 |
MEDIUM | 24 |

Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
---|---|---|---|---|---|
HIGH | CVE-2021-32740 | ReDoS in templates | addressable | 2.6.0 | >= 2.8.0 |
HIGH | GHSA-6chw-6frg-f759 | Regular Expression Denial of Service in Acorn | acorn | 6.3.0 | 5.7.4, 6.4.1, 7.1.1 |
HIGH | CVE-2021-3807 | Regular expression denial of service (ReDoS) matching ANSI escape codes | ansi-regex | 3.0.0 | 6.0.1, 5.0.1, 4.1.1, 3.0.1 |
HIGH | CVE-2021-3807 | Regular expression denial of service (ReDoS) matching ANSI escape codes | ansi-regex | 4.1.0 | 6.0.1, 5.0.1, 4.1.1, 3.0.1 |
HIGH | CVE-2023-46234 | browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack | browserify-sign | 4.0.4 | 4.2.2 |
HIGH | CVE-2022-38900 | decode-uri-component: improper input validation resulting in DoS | decode-uri-component | 0.2.0 | 0.2.1 |
HIGH | CVE-2020-13822 | nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA | elliptic | 6.5.0 | 6.5.3 |
HIGH | CVE-2020-28469 | Regular expression denial of service | glob-parent | 3.1.0 | 5.1.2 |
HIGH | CVE-2020-7788 | Prototype pollution via malicious INI file | ini | 1.3.5 | 1.3.6 |
HIGH | CVE-2022-46175 | json5: Prototype Pollution in JSON5 via Parse Method | json5 | 1.0.1 | 2.2.2, 1.0.2 |
HIGH | CVE-2019-20149 | ctorName in index.js allows external user input to overwrite certain internal attributes | kind-of | 6.0.2 | 6.0.3 |
HIGH | CVE-2022-37599 | loader-utils: regular expression denial of service in interpolateName.js | loader-utils | 1.4.1 | 1.4.2, 2.0.4, 3.2.1 |
HIGH | CVE-2022-37603 | Regular expression denial of service | loader-utils | 1.4.1 | 1.4.2, 2.0.4, 3.2.1 |
HIGH | CVE-2022-3517 | nodejs-minimatch: ReDoS via the braceExpand function | minimatch | 3.0.4 | 3.0.5 |
HIGH | CVE-2020-7660 | allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js | serialize-javascript | 1.7.0 | 3.1.0 |
HIGH | CVE-2021-27290 | Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode | ssri | 6.0.1 | 6.0.2, 7.1.1, 8.0.1 |
HIGH | CVE-2021-32803 | nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite | tar | 4.4.10 | 3.2.3, 4.4.15, 5.0.7, 6.1.2 |
HIGH | CVE-2021-32804 | Insufficient absolute path sanitization allowing arbitrary file creation and overwrite | tar | 4.4.10 | 3.2.2, 4.4.14, 5.0.6, 6.1.1 |
HIGH | CVE-2021-37701 | Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbit | tar | 4.4.10 | 4.4.16, 5.0.8, 6.1.7 |
HIGH | CVE-2021-37712 | Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbit | tar | 4.4.10 | 4.4.18, 5.0.10, 6.1.9 |
HIGH | CVE-2021-37713 | nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization | tar | 4.4.10 | 4.4.18, 5.0.10, 6.1.9 |
HIGH | CVE-2022-25858 | terser: insecure use of regular expressions leads to ReDoS | terser | 4.1.4 | 4.8.1, 5.14.2 |
HIGH | CVE-2020-7774 | nodejs-y18n: prototype pollution vulnerability | y18n | 4.0.0 | 3.2.2, 4.0.1, 5.0.5 |
HIGH | CVE-2022-24999 | express: "qs" prototype poisoning causes the hang of the node process | qs | 6.5.1 | 6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
HIGH | CVE-2020-7662 | npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser | websocket-extensions | 0.1.1 | 0.1.4 |
HIGH | CVE-2023-46234 | browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack | browserify-sign | 4.0.4 | 4.2.2 |
HIGH | CVE-2023-46234 | browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack | browserify-sign | 4.0.4 | 4.2.2 |
MEDIUM | CVE-2019-11358 | jquery: Prototype pollution in object's prototype leading to denial of service, remote code executio | jquery | 3.3.1 | >=3.4.0 |
MEDIUM | CVE-2019-5428 | Modification of Assumed-Immutable Data (MAID) | jquery | 3.3.1 | >=3.4.0 |
MEDIUM | CVE-2020-11022 | jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method | jquery | 3.3.1 | 3.5.0 |
MEDIUM | CVE-2020-11023 | Untrusted code execution via tag in HTML passed to DOM manipulation methods | jquery | 3.3.1 | 3.5.0 |
MEDIUM | CVE-2020-23064 | Cross-site scripting | jquery | 3.3.1 | 3.5.0 |
MEDIUM | CVE-2020-11022 | jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method | jquery | 3.4.1 | 3.5.0 |
MEDIUM | CVE-2020-11023 | Untrusted code execution via tag in HTML passed to DOM manipulation methods | jquery | 3.4.1 | 3.5.0 |
MEDIUM | CVE-2020-23064 | Cross-site scripting | jquery | 3.4.1 | 3.5.0 |
MEDIUM | CVE-2020-15366 | nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function | ajv | 6.10.2 | 6.12.3 |
MEDIUM | CVE-2017-16137 | nodejs-debug: Regular expression Denial of Service | debug | 3.2.6 | 2.6.9, 3.1.0, 3.2.7, 4.3.1 |
MEDIUM | CVE-2020-28498 | The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ... | elliptic | 6.5.0 | 6.5.4 |
MEDIUM | CVE-2022-25883 | nodejs-semver: Regular expression denial of service | semver | 5.5.0 | 7.5.2, 6.3.1, 5.7.2 |
MEDIUM | CVE-2022-25883 | nodejs-semver: Regular expression denial of service | semver | 5.7.1 | 7.5.2, 6.3.1, 5.7.2 |
MEDIUM | CVE-2019-16769 | npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions | serialize-javascript | 1.7.0 | 2.1.1 |
MEDIUM | CVE-2020-7608 | nodejs-yargs-parser: prototype pollution vulnerability | yargs-parser | 13.1.1 | 13.1.2, 15.0.1, 18.1.1, 5.0.1 |
MEDIUM | CVE-2019-11358 | jquery: Prototype pollution in object's prototype leading to denial of service, remote code executio | jquery | 3.3.1 | >=3.4.0 |
MEDIUM | CVE-2019-5428 | Modification of Assumed-Immutable Data (MAID) | jquery | 3.3.1 | >=3.4.0 |
MEDIUM | CVE-2020-11022 | jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method | jquery | 3.3.1 | 3.5.0 |
MEDIUM | CVE-2020-11023 | Untrusted code execution via tag in HTML passed to DOM manipulation methods | jquery | 3.3.1 | 3.5.0 |
MEDIUM | CVE-2020-23064 | Cross-site scripting | jquery | 3.3.1 | 3.5.0 |
MEDIUM | CVE-2017-16022 | Cross-Site Scripting in morris.js | morris.js | 0.5.0 | |
MEDIUM | NSWG-ECO-307 | XSS in Hover Over Label Names | morris.js | 0.5.0 | <0.0.0 |
MEDIUM | CVE-2017-16022 | Cross-Site Scripting in morris.js | morris.js | 0.5.0 | |
MEDIUM | NSWG-ECO-307 | XSS in Hover Over Label Names | morris.js | 0.5.0 | <0.0.0 |

Date: 2023-11-21