Log4j version update #31

Open
igorlombacx wants to merge 1 commit into main from log4j-version-update

@igorlombacx
Owner

No description provided.

@igorlombacx
Owner Author

Checkmarx AST – Scan Summary & Details 4a69224c-2332-4c1d-bf30-feef9fa6cf88

No New Or Fixed Issues Found

@igorlombacx igorlombacx reopened this Jan 11, 2023
@igorlombacx
Owner Author

igorlombacx commented Jan 11, 2023

Checkmarx One – Scan Summary & Details ec968e03-fcdf-41f8-ae2f-e78177006ced

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2017-1000048 | Npm-qs-6.0.0 | Vulnerable Package |
| HIGH | CVE-2019-10744 | Npm-lodash-4.17.11 | Vulnerable Package |
| HIGH | CVE-2020-8203 | Npm-lodash-4.17.11 | Vulnerable Package |
| HIGH | CVE-2021-23337 | Npm-lodash-4.17.11 | Vulnerable Package |
| HIGH | CVE-2021-4229 | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | CVE-2022-24999 | Npm-qs-6.0.0 | Vulnerable Package |
| HIGH | CVE-2022-25927 | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Code_Injection | /small-project-main/dsvw.py: 56 | Attack Vector |
| HIGH | Command_Injection | /small-project-main/dsvw.py: 56 | Attack Vector |
| HIGH | Cx0a21eeca-49b1 | Npm-scs-0.0.1 | Vulnerable Package |
| HIGH | Cx0b414307-5d4b | Npm-lodash-4.17.11 | Vulnerable Package |
| HIGH | Cx0b915a4a-2d97 | Npm-scs-0.0.1 | Vulnerable Package |
| HIGH | Cx18e041aa-8a63 | Npm-node-ipc-9.2.2 | Vulnerable Package |
| HIGH | Cx21f588f7-f9cb | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Cx4ca27ec0-0c96 | Npm-scs-0.0.1 | Vulnerable Package |
| HIGH | Cx68e4da20-b53a | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Cx6bee2138-4df0 | Npm-flow-dev-tools-99.10.9 | Vulnerable Package |
| HIGH | Cx6eb8ff4e-c9cf | Npm-flow-dev-tools-99.10.9 | Vulnerable Package |
| HIGH | Cx7401d0a9-2786 | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Cx8079a3fb-ff1f | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Cx9f739bef-35bb | Npm-flow-dev-tools-99.10.9 | Vulnerable Package |
| HIGH | Cxa45b0853-bee2 | Npm-momnet-2.29.1 | Vulnerable Package |
| HIGH | Cxae9d1b09-2adb | Npm-scs-0.0.1 | Vulnerable Package |
| HIGH | Cxba94c01e-a95d | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Cxbec87a55-fe55 | Npm-node-ipc-9.2.2 | Vulnerable Package |
| HIGH | Cxc73fdf59-ac18 | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| HIGH | Cxcc09496a-59c8 | Npm-js-yaml-3.6.1 | Vulnerable Package |
| HIGH | Cxccd8b30c-808c | Npm-scs-0.0.1 | Vulnerable Package |
| HIGH | Cxd55dbf56-4d06 | Npm-scs-0.0.1 | Vulnerable Package |
| HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | Vulnerable Package |
| HIGH | Cxec49316b-56df | Npm-js-yaml-3.6.1 | Vulnerable Package |
| HIGH | Cxfd197ca1-b64b | Npm-momnet-2.29.1 | Vulnerable Package |
| HIGH | Stored_XSS | /small-project-main/dsvw.py: 26 | Attack Vector |
| HIGH | Stored_XSS | /small-project-main/dsvw.py: 37 | Attack Vector |
| HIGH | Stored_XSS | /small-project-main/dsvw.py: 35 | Attack Vector |
| MEDIUM | CVE-2020-28500 | Npm-lodash-4.17.11 | Vulnerable Package |
| MEDIUM | Cx3bb8deb1-b4c0 | Npm-scs-0.0.1 | Vulnerable Package |
| MEDIUM | Cx3cf24ca3-dd23 | Npm-ua-parser-js-0.7.29 | Vulnerable Package |
| MEDIUM | Cx65afcea4-5e85 | Npm-event-pubsub-5.0.3 | Vulnerable Package |
| MEDIUM | Cx743605c8-a95e | Npm-momnet-2.29.1 | Vulnerable Package |
| MEDIUM | Cxba768ce4-aa4e | Npm-node-ipc-9.2.2 | Vulnerable Package |
| MEDIUM | Cxc09edd5e-4a9e | Npm-strong-type-0.1.6 | Vulnerable Package |
| MEDIUM | Cxf7a33198-8ff8 | Npm-node-ipc-9.2.2 | Vulnerable Package |
| MEDIUM | Missing_HSTS_Header | /small-project-main/dsvw.py: 76 | Attack Vector |
| MEDIUM | Unpinned Package Version in Apk Add | /Dockerfile: 6 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 3 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Unsafe_Use_Of_Target_blank | /small-project-main/dsvw.py: 63 | Attack Vector |
| LOW | Unsafe_Use_Of_Target_blank | /small-project-main/dsvw.py: 10 | Attack Vector |
