-
Notifications
You must be signed in to change notification settings - Fork 41
v2.10.0 Security vulnerability report libraries
System bot edited this page Sep 26, 2024
·
67 revisions
| SUBSCRIPTIONID | RESOURCEGROUP | VULNID | IDENTIFICATIONDATE | CATEGORY | CVE | CVSS | SEVERITY | DISPLAYNAME | RESOURCEID | RESOURCEID_SINGLE | AKTIV | HOST | OSDETAILS |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | frontend-v2.10.0 | frontend-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | api-v2.10.0 | api-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | provisioning-v2.10.0 | provisioning-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | e2e-test-v2.10.0 | e2e-test-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | excel-export-service-v2.10.0 | excel-export-service-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-39338 | 2024-08-12T13:38:24.487Z | npm audit | CVE-2024-39338 | HIGH | axios: axios: Server-Side Request Forgery | migration-v2.10.0 | migration-v2.10.0 | Yes | package: axios, status: fixed, fixedVersion: 1.7.4 | ||
| - | - | CVE-2024-4068 | 2024-05-14T15:42:48.66Z | npm audit | CVE-2024-4068 | HIGH | braces: fails to limit the number of characters it can handle | frontend-v2.10.0 | frontend-v2.10.0 | Yes | package: braces, status: fixed, fixedVersion: 3.0.3 | ||
| - | - | CVE-2024-37168 | 2024-06-10T22:15:12.433Z | npm audit | CVE-2024-37168 | MEDIUM | grps-js: allocate memory for incoming messages well above configured limits | api-v2.10.0 | api-v2.10.0 | Yes | package: @grpc/grpc-js, status: fixed, fixedVersion: 1.10.9, 1.9.15, 1.8.22 | ||
| - | - | CVE-2024-45813 | 2024-09-18T17:15:19.163Z | npm audit | CVE-2024-45813 | HIGH | find-my-way: ReDoS vulnerability in multiparametric routes | api-v2.10.0 | api-v2.10.0 | Yes | package: find-my-way, status: fixed, fixedVersion: 8.2.2, 9.0.1 | ||
| - | - | CVE-2024-45813 | 2024-09-18T17:15:19.163Z | npm audit | CVE-2024-45813 | HIGH | find-my-way: ReDoS vulnerability in multiparametric routes | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: find-my-way, status: fixed, fixedVersion: 8.2.2, 9.0.1 | ||
| - | - | CVE-2024-45813 | 2024-09-18T17:15:19.163Z | npm audit | CVE-2024-45813 | HIGH | find-my-way: ReDoS vulnerability in multiparametric routes | provisioning-v2.10.0 | provisioning-v2.10.0 | Yes | package: find-my-way, status: fixed, fixedVersion: 8.2.2, 9.0.1 | ||
| - | - | CVE-2024-45813 | 2024-09-18T17:15:19.163Z | npm audit | CVE-2024-45813 | HIGH | find-my-way: ReDoS vulnerability in multiparametric routes | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: find-my-way, status: fixed, fixedVersion: 8.2.2, 9.0.1 | ||
| - | - | CVE-2024-45813 | 2024-09-18T17:15:19.163Z | npm audit | CVE-2024-45813 | HIGH | find-my-way: ReDoS vulnerability in multiparametric routes | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: find-my-way, status: fixed, fixedVersion: 8.2.2, 9.0.1 | ||
| - | - | CVE-2024-45813 | 2024-09-18T17:15:19.163Z | npm audit | CVE-2024-45813 | HIGH | find-my-way: ReDoS vulnerability in multiparametric routes | frontend-collector-v2.10.0 | frontend-collector-v2.10.0 | Yes | package: find-my-way, status: fixed, fixedVersion: 8.2.2, 9.0.1 | ||
| - | - | CVE-2024-34273 | 2024-05-16T16:15:08.6Z | npm audit | CVE-2024-34273 | MEDIUM | njwt Prototype Pollution vulnerability | api-v2.10.0 | api-v2.10.0 | Yes | package: njwt, status: fixed, fixedVersion: 2.0.1 | ||
| - | - | CVE-2024-45590 | 2024-09-10T16:15:21.083Z | npm audit | CVE-2024-45590 | HIGH | body-parser: Denial of Service Vulnerability in body-parser | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: body-parser, status: fixed, fixedVersion: 1.20.3 | ||
| - | - | CVE-2024-45590 | 2024-09-10T16:15:21.083Z | npm audit | CVE-2024-45590 | HIGH | body-parser: Denial of Service Vulnerability in body-parser | excel-export-service-v2.10.0 | excel-export-service-v2.10.0 | Yes | package: body-parser, status: fixed, fixedVersion: 1.20.3 | ||
| - | - | CVE-2024-45590 | 2024-09-10T16:15:21.083Z | npm audit | CVE-2024-45590 | HIGH | body-parser: Denial of Service Vulnerability in body-parser | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: body-parser, status: fixed, fixedVersion: 1.20.3 | ||
| - | - | CVE-2024-45590 | 2024-09-10T16:15:21.083Z | npm audit | CVE-2024-45590 | HIGH | body-parser: Denial of Service Vulnerability in body-parser | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: body-parser, status: fixed, fixedVersion: 1.20.3 | ||
| - | - | CVE-2024-43796 | 2024-09-10T15:15:17.51Z | npm audit | CVE-2024-43796 | MEDIUM | express: Improper Input Handling in Express Redirects | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: express, status: fixed, fixedVersion: 4.20.0, 5.0.0 | ||
| - | - | CVE-2024-43796 | 2024-09-10T15:15:17.51Z | npm audit | CVE-2024-43796 | MEDIUM | express: Improper Input Handling in Express Redirects | excel-export-service-v2.10.0 | excel-export-service-v2.10.0 | Yes | package: express, status: fixed, fixedVersion: 4.20.0, 5.0.0 | ||
| - | - | CVE-2024-43796 | 2024-09-10T15:15:17.51Z | npm audit | CVE-2024-43796 | MEDIUM | express: Improper Input Handling in Express Redirects | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: express, status: fixed, fixedVersion: 4.20.0, 5.0.0 | ||
| - | - | CVE-2024-43796 | 2024-09-10T15:15:17.51Z | npm audit | CVE-2024-43796 | MEDIUM | express: Improper Input Handling in Express Redirects | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: express, status: fixed, fixedVersion: 4.20.0, 5.0.0 | ||
| - | - | CVE-2024-45296 | 2024-09-09T19:15:13.33Z | npm audit | CVE-2024-45296 | HIGH | path-to-regexp: Backtracking regular expressions cause ReDoS | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: path-to-regexp, status: fixed, fixedVersion: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 | ||
| - | - | CVE-2024-45296 | 2024-09-09T19:15:13.33Z | npm audit | CVE-2024-45296 | HIGH | path-to-regexp: Backtracking regular expressions cause ReDoS | excel-export-service-v2.10.0 | excel-export-service-v2.10.0 | Yes | package: path-to-regexp, status: fixed, fixedVersion: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 | ||
| - | - | CVE-2024-45296 | 2024-09-09T19:15:13.33Z | npm audit | CVE-2024-45296 | HIGH | path-to-regexp: Backtracking regular expressions cause ReDoS | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: path-to-regexp, status: fixed, fixedVersion: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 | ||
| - | - | CVE-2024-45296 | 2024-09-09T19:15:13.33Z | npm audit | CVE-2024-45296 | HIGH | path-to-regexp: Backtracking regular expressions cause ReDoS | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: path-to-regexp, status: fixed, fixedVersion: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 | ||
| - | - | CVE-2024-43799 | 2024-09-10T15:15:17.727Z | npm audit | CVE-2024-43799 | MEDIUM | send: Code Execution Vulnerability in Send Library | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: send, status: fixed, fixedVersion: 0.19.0 | ||
| - | - | CVE-2024-43799 | 2024-09-10T15:15:17.727Z | npm audit | CVE-2024-43799 | MEDIUM | send: Code Execution Vulnerability in Send Library | excel-export-service-v2.10.0 | excel-export-service-v2.10.0 | Yes | package: send, status: fixed, fixedVersion: 0.19.0 | ||
| - | - | CVE-2024-43799 | 2024-09-10T15:15:17.727Z | npm audit | CVE-2024-43799 | MEDIUM | send: Code Execution Vulnerability in Send Library | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: send, status: fixed, fixedVersion: 0.19.0 | ||
| - | - | CVE-2024-43799 | 2024-09-10T15:15:17.727Z | npm audit | CVE-2024-43799 | MEDIUM | send: Code Execution Vulnerability in Send Library | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: send, status: fixed, fixedVersion: 0.19.0 | ||
| - | - | CVE-2024-43800 | 2024-09-10T15:15:17.937Z | npm audit | CVE-2024-43800 | MEDIUM | serve-static: Improper Sanitization in serve-static | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: serve-static, status: fixed, fixedVersion: 1.16.0, 2.1.0 | ||
| - | - | CVE-2024-43800 | 2024-09-10T15:15:17.937Z | npm audit | CVE-2024-43800 | MEDIUM | serve-static: Improper Sanitization in serve-static | excel-export-service-v2.10.0 | excel-export-service-v2.10.0 | Yes | package: serve-static, status: fixed, fixedVersion: 1.16.0, 2.1.0 | ||
| - | - | CVE-2024-43800 | 2024-09-10T15:15:17.937Z | npm audit | CVE-2024-43800 | MEDIUM | serve-static: Improper Sanitization in serve-static | email-notification-service-v2.10.0 | email-notification-service-v2.10.0 | Yes | package: serve-static, status: fixed, fixedVersion: 1.16.0, 2.1.0 | ||
| - | - | CVE-2024-43800 | 2024-09-10T15:15:17.937Z | npm audit | CVE-2024-43800 | MEDIUM | serve-static: Improper Sanitization in serve-static | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: serve-static, status: fixed, fixedVersion: 1.16.0, 2.1.0 | ||
| - | - | CVE-2024-37890 | 2024-06-17T20:15:13.203Z | npm audit | CVE-2024-37890 | HIGH | nodejs-ws: denial of service when handling a request with many HTTP headers | blockchain-v2.10.0 | blockchain-v2.10.0 | Yes | package: ws, status: fixed, fixedVersion: 5.2.4, 6.2.3, 7.5.10, 8.17.1 | ||
| - | - | CVE-2024-35255 | 2024-06-11T17:16:03.55Z | npm audit | CVE-2024-35255 | MEDIUM | azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: @azure/identity, status: fixed, fixedVersion: 4.2.1 | ||
| - | - | CVE-2024-42459 | 2024-08-02T07:16:10.003Z | npm audit | CVE-2024-42459 | LOW | elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: elliptic, status: fixed, fixedVersion: 6.5.7 | ||
| - | - | CVE-2024-42460 | 2024-08-02T07:16:10.12Z | npm audit | CVE-2024-42460 | LOW | elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: elliptic, status: fixed, fixedVersion: 6.5.7 | ||
| - | - | CVE-2024-42461 | 2024-08-02T07:16:10.23Z | npm audit | CVE-2024-42461 | LOW | elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: elliptic, status: fixed, fixedVersion: 6.5.7 | ||
| - | - | CVE-2024-41818 | 2024-07-29T16:15:05.57Z | npm audit | CVE-2024-41818 | HIGH | fast-xml-parser: ReDOS at currency parsing in currency.js | storage-service-v2.10.0 | storage-service-v2.10.0 | Yes | package: fast-xml-parser, status: fixed, fixedVersion: 4.4.1 |
Last scan date: 2024-9-26 6:29:20