Add Ckeditor5 vuln CVE-2024-45613

RetireJS · Sep 27, 2024 · fbda830 · fbda830
1 parent 5c53628
commit fbda830
Show file tree

Hide file tree

Showing 6 changed files with 120 additions and 6 deletions.
diff --git a/repository/convertToOldFormat → repository/convertToVersioned b/repository/convertToOldFormat → repository/convertToVersioned
diff --git a/repository/jsrepository-master.json b/repository/jsrepository-master.json
@@ -2571,7 +2571,8 @@
     ],
     "extractors": {
       "func": [
-        "document.querySelector('[ng-version]').getAttribute('ng-version')"
+        "document.querySelector('[ng-version]').getAttribute('ng-version')",
+        "window.getAllAngularRootElements()[0].getAttribute(['ng-version'])"
       ]
     },
     "licenses": ["MIT >=0"]
@@ -4323,6 +4324,28 @@
   },
   "ckeditor5": {
     "vulnerabilities": [
+      {
+        "ranges": [
+          {
+            "atOrAbove": "40.0.0",
+            "below": "43.1.1"
+          }
+        ],
+        "summary": "Cross-site scripting (XSS) in the clipboard package",
+        "cwe": ["CWE-79"],
+        "severity": "medium",
+        "identifiers": {
+          "CVE": ["CVE-2024-45613"],
+          "githubID": "GHSA-rgg8-g5x8-wr9v"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
+          "https://github.com/ckeditor/ckeditor5",
+          "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
+        ]
+      },
       {
         "ranges": [
           {
@@ -6294,7 +6317,6 @@
     },
     "licenses": ["MIT >=0"]
   },
-
   "dont check": {
     "vulnerabilities": [],
     "extractors": {

diff --git a/repository/jsrepository-v2.json b/repository/jsrepository-v2.json
@@ -3502,7 +3502,8 @@
     ],
     "extractors": {
       "func": [
-        "document.querySelector('[ng-version]').getAttribute('ng-version')"
+        "document.querySelector('[ng-version]').getAttribute('ng-version')",
+        "window.getAllAngularRootElements()[0].getAttribute(['ng-version'])"
       ],
       "ast": [
         "//ExportNamedDeclaration[       /ExportSpecifier/:exported[         /:name == \"NgModuleFactory\" ||          /:name == \"ɵBrowserDomAdapter\"       ]     ]/ExportSpecifier[       /:exported/:name == \"VERSION\"     ]/:$local/:init/:arguments/:value",
@@ -5753,6 +5754,28 @@
           "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
         ]
+      },
+      {
+        "atOrAbove": "40.0.0",
+        "below": "43.1.1",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Cross-site scripting (XSS) in the clipboard package",
+          "CVE": [
+            "CVE-2024-45613"
+          ],
+          "githubID": "GHSA-rgg8-g5x8-wr9v"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
+          "https://github.com/ckeditor/ckeditor5",
+          "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
+        ]
       }
     ],
     "extractors": {

diff --git a/repository/jsrepository-v3.json b/repository/jsrepository-v3.json
@@ -3578,7 +3578,8 @@
       ],
       "extractors": {
         "func": [
-          "document.querySelector('[ng-version]').getAttribute('ng-version')"
+          "document.querySelector('[ng-version]').getAttribute('ng-version')",
+          "window.getAllAngularRootElements()[0].getAttribute(['ng-version'])"
         ],
         "ast": [
           "//ExportNamedDeclaration[       /ExportSpecifier/:exported[         /:name == \"NgModuleFactory\" ||          /:name == \"ɵBrowserDomAdapter\"       ]     ]/ExportSpecifier[       /:exported/:name == \"VERSION\"     ]/:$local/:init/:arguments/:value",
@@ -5887,6 +5888,28 @@
             "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
             "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
           ]
+        },
+        {
+          "atOrAbove": "40.0.0",
+          "below": "43.1.1",
+          "cwe": [
+            "CWE-79"
+          ],
+          "severity": "medium",
+          "identifiers": {
+            "summary": "Cross-site scripting (XSS) in the clipboard package",
+            "CVE": [
+              "CVE-2024-45613"
+            ],
+            "githubID": "GHSA-rgg8-g5x8-wr9v"
+          },
+          "info": [
+            "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
+            "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
+            "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
+            "https://github.com/ckeditor/ckeditor5",
+            "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
+          ]
         }
       ],
       "extractors": {

diff --git a/repository/jsrepository-v4.json b/repository/jsrepository-v4.json
@@ -3577,7 +3577,8 @@
     ],
     "extractors": {
       "func": [
-        "document.querySelector('[ng-version]').getAttribute('ng-version')"
+        "document.querySelector('[ng-version]').getAttribute('ng-version')",
+        "window.getAllAngularRootElements()[0].getAttribute(['ng-version'])"
       ],
       "ast": [
         "//ExportNamedDeclaration[       /ExportSpecifier/:exported[         /:name == \"NgModuleFactory\" ||          /:name == \"ɵBrowserDomAdapter\"       ]     ]/ExportSpecifier[       /:exported/:name == \"VERSION\"     ]/:$local/:init/:arguments/:value",
@@ -5886,6 +5887,28 @@
           "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
         ]
+      },
+      {
+        "atOrAbove": "40.0.0",
+        "below": "43.1.1",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Cross-site scripting (XSS) in the clipboard package",
+          "CVE": [
+            "CVE-2024-45613"
+          ],
+          "githubID": "GHSA-rgg8-g5x8-wr9v"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
+          "https://github.com/ckeditor/ckeditor5",
+          "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
+        ]
       }
     ],
     "extractors": {

diff --git a/repository/jsrepository.json b/repository/jsrepository.json
@@ -3475,7 +3475,8 @@
     ],
     "extractors": {
       "func": [
-        "document.querySelector('[ng-version]').getAttribute('ng-version')"
+        "document.querySelector('[ng-version]').getAttribute('ng-version')",
+        "window.getAllAngularRootElements()[0].getAttribute(['ng-version'])"
       ]
     }
   },
@@ -5701,6 +5702,28 @@
           "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
         ]
+      },
+      {
+        "atOrAbove": "40.0.0",
+        "below": "43.1.1",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Cross-site scripting (XSS) in the clipboard package",
+          "CVE": [
+            "CVE-2024-45613"
+          ],
+          "githubID": "GHSA-rgg8-g5x8-wr9v"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
+          "https://github.com/ckeditor/ckeditor5",
+          "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
+        ]
       }
     ],
     "extractors": {