📂 Vulnerable Library - test-utils-1.3.6.tgz
Path to dependency file: /src/Administration/Resources/app/administration/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-121740-819191 | 🟣 Critical | 9.8 | N/A | N/A | lodash-4.17.21.tgz | Direct | N/A | ❌ | |
| CVE-2024-9506 | 🟡 Low | 2.9 | Not Defined | < 1% | vue-2.7.14.tgz | Direct | vue - 3.0.0-alpha.0, vue - 3.0.0 | ✅ | |
| CVE-2024-9506 | 🟡 Low | 2.9 | Not Defined | < 1% | vue-template-compiler-2.7.14.tgz | Direct | vue - 3.0.0-alpha.0, vue - 3.0.0 | ✅ | |
Details
🟣CVE-121740-819191
Vulnerable Library - lodash-4.17.21.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz
Path to dependency file: /tests/e2e/package.json
Dependency Hierarchy:
- admin-extension-sdk-3.0.15.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- e2e-testsuite-platform-7.0.5.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- webpack-bundle-analyzer-3.9.0.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- lighthouse-9.6.8.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- test-utils-1.3.6.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- ❌ lodash-4.17.21.tgz (Vulnerable Library)
- cli-0.9.0.tgz (Root Library)
  - inquirer-6.5.2.tgz
    - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- webpack-dev-server-3.11.3.tgz (Root Library)
  - http-proxy-middleware-0.19.1.tgz
    - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- admin-extension-sdk-3.0.13.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- cypress-multi-reporters-1.6.2.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- mocha-7.2.0.tgz (Root Library)
  - yargs-unparser-1.6.0.tgz
    - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- webpack-merge-4.2.2.tgz (Root Library)
  - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- webpack-plugin-injector-1.0.7.tgz (Root Library)
  - webpack-merge-4.2.2.tgz
    - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- cli-0.11.0.tgz (Root Library)
  - inquirer-6.5.2.tgz
    - ❌ lodash-4.17.21.tgz (Vulnerable Library)
- optimize-css-assets-webpack-plugin-5.0.8.tgz (Root Library)
  - last-call-webpack-plugin-3.0.0.tgz
    - ❌ lodash-4.17.21.tgz (Vulnerable Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-121740-819191
Threat Assessment
Exploit Maturity: N/A
EPSS: N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟡CVE-2024-9506
Vulnerable Library - vue-2.7.14.tgz
Reactive, component-oriented view layer for modern web interfaces.
Library home page: https://registry.npmjs.org/vue/-/vue-2.7.14.tgz
Path to dependency file: /tests/e2e/cypress/fixtures/TestPlugin/src/Resources/app/administration/package.json
Dependency Hierarchy:
- ❌ vue-2.7.14.tgz (Vulnerable Library)
- test-utils-2.3.2.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
- test-utils-1.3.6.tgz (Root Library)
  - ❌ vue-2.7.14.tgz (Vulnerable Library)
Vulnerability Details
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
Publish Date: Oct 15, 2024 03:40 PM
URL: CVE-2024-9506
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 2.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-5j4c-8p2g-v4jx
Release Date: Oct 15, 2024 03:40 PM
Fix Resolution : vue - 3.0.0-alpha.0,vue - 3.0.0
🟡CVE-2024-9506
Vulnerable Library - vue-template-compiler-2.7.14.tgz
template compiler for Vue 2.0
Library home page: https://registry.npmjs.org/vue-template-compiler/-/vue-template-compiler-2.7.14.tgz
Path to dependency file: /src/Administration/Resources/app/administration/package.json
Dependency Hierarchy:
- test-utils-1.3.6.tgz (Root Library)
  - ❌ vue-template-compiler-2.7.14.tgz (Vulnerable Library)
- ❌ vue-template-compiler-2.7.14.tgz (Vulnerable Library)
- fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library)
  - ❌ vue-template-compiler-2.7.14.tgz (Vulnerable Library)
Vulnerability Details
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
Publish Date: Oct 15, 2024 03:40 PM
URL: CVE-2024-9506
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 2.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-5j4c-8p2g-v4jx
Release Date: Oct 15, 2024 03:40 PM
Fix Resolution : vue - 3.0.0-alpha.0,vue - 3.0.0