📂 Vulnerable Library - vuex-4.1.0.tgz
state management for Vue.js
Library home page: https://registry.npmjs.org/vue/-/vue-2.7.14.tgz
Path to dependency file: /src/Administration/Resources/app/administration/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-9506 | 🟡 Low | 2.9 | Not Defined | < 1% | vue-2.7.14.tgz | Direct | vue - 3.0.0-alpha.0,vue - 3.0.0 | ✅ | |
Details
🟡CVE-2024-9506
Vulnerable Library - vue-2.7.14.tgz
Reactive, component-oriented view layer for modern web interfaces.
Library home page: https://registry.npmjs.org/vue/-/vue-2.7.14.tgz
Path to dependency file: /tests/e2e/cypress/fixtures/TestPlugin/src/Resources/app/administration/package.json
Dependency Hierarchy:
- vuex-4.1.0.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- vue-router-4.2.2.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- ❌ vue-2.7.14.tgz (Vulnerable Library)
- vuex-3.6.2.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- test-utils-2.3.2.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- test-utils-1.3.6.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- compat-3.3.4.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- vue-3.3.4.tgz (Root Library)
  - server-renderer-3.3.4.tgz
    - ❌ vue-2.7.14.tgz (Vulnerable Library)
- vue-i18n-9.2.2.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
Vulnerability Details
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
Publish Date: Oct 15, 2024 03:40 PM
URL: CVE-2024-9506
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 2.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-5j4c-8p2g-v4jx
Release Date: Oct 15, 2024 03:40 PM
Fix Resolution: vue - 3.0.0-alpha.0,vue - 3.0.0