Add angular CVE, adjust range for axios, add CWE for jQuery CVE
eoftedal committed Mar 12, 2024
1 parent d382c8c commit beff847
Showing 3 changed files with 132 additions and 4 deletions.
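--- a/repository/jsrepository-master.json
+++ b/repository/jsrepository-master.json
@@ -139,7 +139,7 @@
 "CVE": ["CVE-2016-10707"],
 "githubID": "GHSA-mhpp-875w-9cpv"
 },
-"cwe": ["CWE-400"],
+"cwe": ["CWE-400", "CWE-674"],
 "severity": "high",
 "info": ["https://nvd.nist.gov/vuln/detail/CVE-2016-10707"]
 },
@@ -2024,6 +2024,30 @@
 "bowername": ["angularjs", "angular.js"],
 "npmname": "angular",
 "vulnerabilities": [
+{
+"ranges": [
+{
+"atOrAbove": "1.3.0",
+"below": "999"
+}
+],
+"summary": "angular vulnerable to super-linear runtime due to backtracking",
+"cwe": ["CWE-1333"],
+"severity": "high",
+"identifiers": {
+"CVE": ["CVE-2024-21490"],
+"githubID": "GHSA-4w4v-5hc9-xrr2"
+},
+"info": [
+"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-21490",
+"https://github.com/angular/angular.js",
+"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746",
+"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747",
+"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
+"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
+]
+},
 {
 "ranges": [
 {
@@ -4292,8 +4316,12 @@
 {
 "ranges": [
 {
-"atOrAbove": "0.8.1",
+"atOrAbove": "1.0.0",
 "below": "1.6.0"
+},
+{
+"atOrAbove": "0.8.1",
+"below": "0.28.0"
 }
 ],
 "summary": "Axios Cross-Site Request Forgery Vulnerability",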
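Review bot: The axios CVE-2023-45857 entry, now split into `0.8.1`–`0.28.0` and `1.0.0`–`1.6.0` in the last hunk, no longer matches any version that sorts between `0.28.0` and `1.0.0`, which the old single range did flag. The `3.0.0-rc.1`–`3.0.0` range visible elsewhere on this page suggests pre-release tags are ordered below the release, so `1.0.0` pre-releases would presumably fall into that gap and stop being reported. If those builds contain the affected code, lower the second bound to the earliest pre-release, e.g. `"atOrAbove": "1.0.0-<FIRST_PRERELEASE_TAG>"` (placeholder; take the tag from the published versions). The same split is repeated in the `jsrepository-v2.json` and `jsrepository.json` sections, and the vulnerability object continues past the end of the hunk.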
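--- a/repository/jsrepository-v2.json
+++ b/repository/jsrepository-v2.json
@@ -236,7 +236,8 @@
 "atOrAbove": "3.0.0-rc.1",
 "below": "3.0.0",
 "cwe": [
-"CWE-400"
+"CWE-400",
+"CWE-674"
 ],
 "severity": "high",
 "identifiers": {
@@ -3160,6 +3161,30 @@
 "https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
 ]
 },
+{
+"atOrAbove": "1.3.0",
+"below": "999",
+"cwe": [
+"CWE-1333"
+],
+"severity": "high",
+"identifiers": {
+"summary": "angular vulnerable to super-linear runtime due to backtracking",
+"CVE": [
+"CVE-2024-21490"
+],
+"githubID": "GHSA-4w4v-5hc9-xrr2"
+},
+"info": [
+"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-21490",
+"https://github.com/angular/angular.js",
+"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746",
+"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747",
+"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
+"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
+]
+},
 {
 "atOrAbove": "1.7.0",
 "below": "999",
@@ -5740,6 +5765,31 @@
 },
 {
 "atOrAbove": "0.8.1",
+"below": "0.28.0",
+"cwe": [
+"CWE-352"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Axios Cross-Site Request Forgery Vulnerability",
+"CVE": [
+"CVE-2023-45857"
+],
+"githubID": "GHSA-wf5p-g6vw-rhxx"
+},
+"info": [
+"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
+"https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
+"https://github.com/axios/axios/issues/6006",
+"https://github.com/axios/axios/issues/6022",
+"https://github.com/axios/axios/pull/6028",
+"https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
+"https://github.com/axios/axios/releases/tag/v1.6.0",
+"https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
+]
+},
+{
+"atOrAbove": "1.0.0",
 "below": "1.6.0",
 "cwe": [
 "CWE-352"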
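--- a/repository/jsrepository.json
+++ b/repository/jsrepository.json
@@ -236,7 +236,8 @@
 "atOrAbove": "3.0.0-rc.1",
 "below": "3.0.0",
 "cwe": [
-"CWE-400"
+"CWE-400",
+"CWE-674"
 ],
 "severity": "high",
 "identifiers": {
@@ -3138,6 +3139,30 @@
 "https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
 ]
 },
+{
+"atOrAbove": "1.3.0",
+"below": "999",
+"cwe": [
+"CWE-1333"
+],
+"severity": "high",
+"identifiers": {
+"summary": "angular vulnerable to super-linear runtime due to backtracking",
+"CVE": [
+"CVE-2024-21490"
+],
+"githubID": "GHSA-4w4v-5hc9-xrr2"
+},
+"info": [
+"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-21490",
+"https://github.com/angular/angular.js",
+"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746",
+"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747",
+"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
+"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
+]
+},
 {
 "atOrAbove": "1.7.0",
 "below": "999",
@@ -5683,6 +5708,31 @@
 },
 {
 "atOrAbove": "0.8.1",
+"below": "0.28.0",
+"cwe": [
+"CWE-352"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Axios Cross-Site Request Forgery Vulnerability",
+"CVE": [
+"CVE-2023-45857"
+],
+"githubID": "GHSA-wf5p-g6vw-rhxx"
+},
+"info": [
+"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
+"https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
+"https://github.com/axios/axios/issues/6006",
+"https://github.com/axios/axios/issues/6022",
+"https://github.com/axios/axios/pull/6028",
+"https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
+"https://github.com/axios/axios/releases/tag/v1.6.0",
+"https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
+]
+},
+{
+"atOrAbove": "1.0.0",
 "below": "1.6.0",
 "cwe": [
 "CWE-352"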
