diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 00000000..616bbdc3 Binary files /dev/null and b/.DS_Store differ diff --git a/labs/.DS_Store b/labs/.DS_Store new file mode 100644 index 00000000..e1b7bc4c Binary files /dev/null and b/labs/.DS_Store differ diff --git a/labs/image-1.png b/labs/image-1.png new file mode 100644 index 00000000..03772aec Binary files /dev/null and b/labs/image-1.png differ diff --git a/labs/image.png b/labs/image.png new file mode 100644 index 00000000..c071fbef Binary files /dev/null and b/labs/image.png differ diff --git a/labs/lab10/.DS_Store b/labs/lab10/.DS_Store new file mode 100644 index 00000000..ce8180ce Binary files /dev/null and b/labs/lab10/.DS_Store differ diff --git a/labs/lab10/imports/import-grype-vuln-results.json.json b/labs/lab10/imports/import-grype-vuln-results.json.json new file mode 100644 index 00000000..e2651103 --- /dev/null +++ b/labs/lab10/imports/import-grype-vuln-results.json.json @@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":4,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":12,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":12},"low":{"active":1,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":1},"medium":{"active":23,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":23},"high":{"active":21,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":21},"critical":{"active":8,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":8},"total":{"active":65,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":65}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Anchore Grype","close_old_findings":false,"close_old_findings_product_scope":false,"test":4} \ No newline at end of file diff --git a/labs/lab10/imports/import-nuclei-results.json.json b/labs/lab10/imports/import-nuclei-results.json.json new file mode 100644 index 00000000..f2f603e8 --- /dev/null +++ b/labs/lab10/imports/import-nuclei-results.json.json @@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":3,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":3,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":3},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":3,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":3}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Nuclei Scan","close_old_findings":false,"close_old_findings_product_scope":false,"test":3} \ No newline at end of file diff --git a/labs/lab10/imports/import-semgrep-results.json.json b/labs/lab10/imports/import-semgrep-results.json.json new file mode 100644 index 00000000..54073dd8 --- /dev/null +++ b/labs/lab10/imports/import-semgrep-results.json.json @@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":1,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Semgrep Pro JSON Report","close_old_findings":false,"close_old_findings_product_scope":false,"test":1} \ No newline at end of file diff --git a/labs/lab10/imports/import-trivy-vuln-detailed.json.json b/labs/lab10/imports/import-trivy-vuln-detailed.json.json new file mode 100644 index 00000000..d71eb346 --- /dev/null +++ b/labs/lab10/imports/import-trivy-vuln-detailed.json.json @@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":2,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Trivy Operator Scan","close_old_findings":false,"close_old_findings_product_scope":false,"test":2} \ No newline at end of file diff --git a/labs/lab10/report/dojo-report.pdf b/labs/lab10/report/dojo-report.pdf new file mode 100644 index 00000000..4b758d0b Binary files /dev/null and b/labs/lab10/report/dojo-report.pdf differ diff --git a/labs/lab10/report/findings.csv b/labs/lab10/report/findings.csv new file mode 100644 index 00000000..203e4b07 --- /dev/null +++ b/labs/lab10/report/findings.csv @@ -0,0 +1,3 @@ +"","Name","Type","Lead","Date","Length","Tests","Active (Verified / Fixable)","Accepted","All","Duplicates" +"   View Edit Copy Close Add Tests Import Scan Results View Active Findings View Active and Verified Findings View Mitigated Findings View Accepted Findings View All Findings Engagement Report Delete Engagement","Labs Security Testing","CI/CD","Admin User (admin)","1st December - 1st December","1 year","4    Recent tests (last 7 days) Semgrep Pro JSON Report, Dec. 1, 2025, 8:15 p.m. Trivy Operator Scan, Dec. 1, 2025, 8:15 p.m. Nuclei Scan, Dec. 1, 2025, 8:15 p.m. Anchore Grype, Dec. 1, 2025, 8:15 p.m. View all 4 tests...","68 (0/0)","0","68","0" + diff --git a/labs/lab10/report/metrics-snapshot.md b/labs/lab10/report/metrics-snapshot.md new file mode 100644 index 00000000..27ad3111 --- /dev/null +++ b/labs/lab10/report/metrics-snapshot.md @@ -0,0 +1,10 @@ +# Metrics Snapshot — Lab 10 + +- Date captured: 68 +- Active findings: + - Critical: 8 + - High: 21 + - Medium: 23 + - Low: 1 + - Informational: 15 +- Verified vs. Mitigated notes: All findings currently active; no verified or mitigated items yet. diff --git a/labs/lab10/setup/.DS_Store b/labs/lab10/setup/.DS_Store new file mode 100644 index 00000000..6dee3c01 Binary files /dev/null and b/labs/lab10/setup/.DS_Store differ diff --git a/labs/lab10/setup/django-DefectDojo b/labs/lab10/setup/django-DefectDojo new file mode 160000 index 00000000..b9836f2f --- /dev/null +++ b/labs/lab10/setup/django-DefectDojo @@ -0,0 +1 @@ +Subproject commit b9836f2fffb0588e45b3b6fbffa06bb643543b04 diff --git a/labs/lab4/syft/grype-vuln-results.json b/labs/lab4/syft/grype-vuln-results.json new file mode 100644 index 00000000..7a74328e --- /dev/null +++ b/labs/lab4/syft/grype-vuln-results.json @@ -0,0 +1 @@ +{"matches":[{"vulnerability":{"id":"GHSA-whpj-8f3w-67p5","dataSource":"https://github.com/advisories/GHSA-whpj-8f3w-67p5","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"vm2 Sandbox Escape vulnerability","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-32314","epss":0.69492,"percentile":0.98613,"date":"2025-10-02"}],"fix":{"versions":["3.9.18"],"state":"fixed","available":[{"version":"3.9.18","date":"2023-05-16","kind":"first-observed"}]},"advisories":[],"risk":65.32248},"relatedVulnerabilities":[{"id":"CVE-2023-32314","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2023-32314","namespace":"nvd:cpe","severity":"Critical","urls":["https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac","https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf","https://github.com/patriksimek/vm2/releases/tag/3.9.18","https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5","https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac","https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf","https://github.com/patriksimek/vm2/releases/tag/3.9.18","https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"],"description":"vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","metrics":{"baseScore":10,"exploitabilityScore":3.9,"impactScore":6.1},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-32314","epss":0.69492,"percentile":0.98613,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"vm2","version":"3.9.17"}},"found":{"vulnerabilityID":"GHSA-whpj-8f3w-67p5","versionConstraint":"<3.9.18 (semantic)"},"fix":{"suggestedVersion":"3.9.18"}}],"artifact":{"id":"9137ec7afce7bb08","name":"vm2","version":"3.9.17","type":"npm","locations":[{"path":"/juice-shop/node_modules/vm2/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/vm2/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:vm2_project:vm2:3.9.17:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/vm2@3.9.17","upstreams":[]}},{"vulnerability":{"id":"GHSA-c7hr-j4mj-j2w6","dataSource":"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"Verification Bypass in jsonwebtoken","cvss":[],"epss":[{"cve":"CVE-2015-9235","epss":0.41149,"percentile":0.97309,"date":"2025-10-02"}],"fix":{"versions":["4.2.2"],"state":"fixed","available":[{"version":"4.2.2","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":37.0341},"relatedVulnerabilities":[{"id":"CVE-2015-9235","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2015-9235","namespace":"nvd:cpe","severity":"Critical","urls":["https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/","https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687","https://nodesecurity.io/advisories/17","https://www.timmclean.net/2015/02/25/jwt-alg-none.html","https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/","https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687","https://nodesecurity.io/advisories/17","https://www.timmclean.net/2015/02/25/jwt-alg-none.html"],"description":"In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","metrics":{"baseScore":7.5,"exploitabilityScore":10,"impactScore":6.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2015-9235","epss":0.41149,"percentile":0.97309,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.1.0"}},"found":{"vulnerabilityID":"GHSA-c7hr-j4mj-j2w6","versionConstraint":"<4.2.2 (semantic)"},"fix":{"suggestedVersion":"4.2.2"}}],"artifact":{"id":"c29669d438fb9e38","name":"jsonwebtoken","version":"0.1.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.1.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.1.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-c7hr-j4mj-j2w6","dataSource":"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"Verification Bypass in jsonwebtoken","cvss":[],"epss":[{"cve":"CVE-2015-9235","epss":0.41149,"percentile":0.97309,"date":"2025-10-02"}],"fix":{"versions":["4.2.2"],"state":"fixed","available":[{"version":"4.2.2","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":37.0341},"relatedVulnerabilities":[{"id":"CVE-2015-9235","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2015-9235","namespace":"nvd:cpe","severity":"Critical","urls":["https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/","https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687","https://nodesecurity.io/advisories/17","https://www.timmclean.net/2015/02/25/jwt-alg-none.html","https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/","https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687","https://nodesecurity.io/advisories/17","https://www.timmclean.net/2015/02/25/jwt-alg-none.html"],"description":"In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","metrics":{"baseScore":7.5,"exploitabilityScore":10,"impactScore":6.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2015-9235","epss":0.41149,"percentile":0.97309,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.4.0"}},"found":{"vulnerabilityID":"GHSA-c7hr-j4mj-j2w6","versionConstraint":"<4.2.2 (semantic)"},"fix":{"suggestedVersion":"4.2.2"}}],"artifact":{"id":"1e23bc54c16fbe6d","name":"jsonwebtoken","version":"0.4.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.4.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.4.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-g644-9gfx-q4q4","dataSource":"https://github.com/advisories/GHSA-g644-9gfx-q4q4","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"vm2 Sandbox Escape vulnerability","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-37903","epss":0.35568,"percentile":0.96958,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":33.43392},"relatedVulnerabilities":[{"id":"CVE-2023-37903","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2023-37903","namespace":"nvd:cpe","severity":"Critical","urls":["https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4","https://security.netapp.com/advisory/ntap-20230831-0007/","https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4","https://security.netapp.com/advisory/ntap-20230831-0007/"],"description":"vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","metrics":{"baseScore":10,"exploitabilityScore":3.9,"impactScore":6.1},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-37903","epss":0.35568,"percentile":0.96958,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"vm2","version":"3.9.17"}},"found":{"vulnerabilityID":"GHSA-g644-9gfx-q4q4","versionConstraint":"<=3.9.19 (semantic)"}}],"artifact":{"id":"9137ec7afce7bb08","name":"vm2","version":"3.9.17","type":"npm","locations":[{"path":"/juice-shop/node_modules/vm2/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/vm2/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:vm2_project:vm2:3.9.17:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/vm2@3.9.17","upstreams":[]}},{"vulnerability":{"id":"GHSA-cchq-frgv-rjh5","dataSource":"https://github.com/advisories/GHSA-cchq-frgv-rjh5","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"vm2 Sandbox Escape vulnerability","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-37466","epss":0.04732,"percentile":0.88984,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":4.44808},"relatedVulnerabilities":[{"id":"CVE-2023-37466","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2023-37466","namespace":"nvd:cpe","severity":"Critical","urls":["https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"],"description":"vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","metrics":{"baseScore":10,"exploitabilityScore":3.9,"impactScore":6.1},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-37466","epss":0.04732,"percentile":0.88984,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"vm2","version":"3.9.17"}},"found":{"vulnerabilityID":"GHSA-cchq-frgv-rjh5","versionConstraint":"<=3.9.19 (semantic)"}}],"artifact":{"id":"9137ec7afce7bb08","name":"vm2","version":"3.9.17","type":"npm","locations":[{"path":"/juice-shop/node_modules/vm2/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/vm2/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:vm2_project:vm2:3.9.17:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/vm2@3.9.17","upstreams":[]}},{"vulnerability":{"id":"GHSA-2p57-rm9w-gvfp","dataSource":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp","namespace":"github:language:javascript","severity":"High","urls":[],"description":"ip SSRF improper categorization in isPublic","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":8.1,"exploitabilityScore":2.3,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-29415","epss":0.02922,"percentile":0.85935,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":2.27916},"relatedVulnerabilities":[{"id":"CVE-2024-29415","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-29415","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/indutny/node-ip/issues/150","https://github.com/indutny/node-ip/pull/143","https://github.com/indutny/node-ip/pull/144","https://github.com/indutny/node-ip/issues/150","https://github.com/indutny/node-ip/pull/143","https://github.com/indutny/node-ip/pull/144","https://security.netapp.com/advisory/ntap-20250117-0010/"],"description":"The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":8.1,"exploitabilityScore":2.3,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-29415","epss":0.02922,"percentile":0.85935,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"ip","version":"2.0.1"}},"found":{"vulnerabilityID":"GHSA-2p57-rm9w-gvfp","versionConstraint":"<=2.0.1 (semantic)"}}],"artifact":{"id":"80c437d1f8f690a8","name":"ip","version":"2.0.1","type":"npm","locations":[{"path":"/juice-shop/node_modules/ip/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/ip/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:fedorindutny:ip:2.0.1:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/ip@2.0.1","upstreams":[]}},{"vulnerability":{"id":"GHSA-r7qp-cfhv-p84w","dataSource":"https://github.com/advisories/GHSA-r7qp-cfhv-p84w","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Uncaught exception in engine.io","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-41940","epss":0.02779,"percentile":0.85569,"date":"2025-10-02"}],"fix":{"versions":["6.2.1"],"state":"fixed","available":[{"version":"6.2.1","date":"2022-11-23","kind":"first-observed"}]},"advisories":[],"risk":1.5979249999999996},"relatedVulnerabilities":[{"id":"CVE-2022-41940","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-41940","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6","https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085","https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w","https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6","https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085","https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w"],"description":"Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H","metrics":{"baseScore":7.1,"exploitabilityScore":1.7,"impactScore":5.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-41940","epss":0.02779,"percentile":0.85569,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"engine.io","version":"4.1.2"}},"found":{"vulnerabilityID":"GHSA-r7qp-cfhv-p84w","versionConstraint":">=4.0.0,<6.2.1 (semantic)"},"fix":{"suggestedVersion":"6.2.1"}}],"artifact":{"id":"8c4af4f22e5de7e4","name":"engine.io","version":"4.1.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/engine.io/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/engine.io/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:socket:engine.io:4.1.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/engine.io@4.1.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-p6mc-m468-83gw","dataSource":"https://github.com/advisories/GHSA-p6mc-m468-83gw","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Prototype Pollution in lodash","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","metrics":{"baseScore":7.4,"exploitabilityScore":2.3,"impactScore":5.2},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2020-8203","epss":0.01999,"percentile":0.83052,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":1.489255},"relatedVulnerabilities":[{"id":"CVE-2020-8203","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2020-8203","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/lodash/lodash/issues/4874","https://hackerone.com/reports/712065","https://security.netapp.com/advisory/ntap-20200724-0006/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://github.com/lodash/lodash/issues/4874","https://hackerone.com/reports/712065","https://security.netapp.com/advisory/ntap-20200724-0006/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"description":"Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","metrics":{"baseScore":7.4,"exploitabilityScore":2.3,"impactScore":5.2},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:P","metrics":{"baseScore":5.8,"exploitabilityScore":8.6,"impactScore":5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2020-8203","epss":0.01999,"percentile":0.83052,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"lodash.set","version":"4.3.2"}},"found":{"vulnerabilityID":"GHSA-p6mc-m468-83gw","versionConstraint":">=3.7.0,<=4.3.2 (semantic)"}}],"artifact":{"id":"be8f210a7cd0fab3","name":"lodash.set","version":"4.3.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/lodash.set/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/lodash.set/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:lodash.set:lodash.set:4.3.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/lodash.set@4.3.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-jf85-cpcp-j695","dataSource":"https://github.com/advisories/GHSA-jf85-cpcp-j695","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"Prototype Pollution in lodash","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","metrics":{"baseScore":9.1,"exploitabilityScore":3.9,"impactScore":5.2},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-10744","epss":0.01176,"percentile":0.78091,"date":"2025-10-02"}],"fix":{"versions":["4.17.12"],"state":"fixed","available":[{"version":"4.17.12","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":1.06428},"relatedVulnerabilities":[{"id":"CVE-2019-10744","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-10744","namespace":"nvd:cpe","severity":"Critical","urls":["https://access.redhat.com/errata/RHSA-2019:3024","https://security.netapp.com/advisory/ntap-20191004-0005/","https://snyk.io/vuln/SNYK-JS-LODASH-450202","https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://access.redhat.com/errata/RHSA-2019:3024","https://security.netapp.com/advisory/ntap-20191004-0005/","https://snyk.io/vuln/SNYK-JS-LODASH-450202","https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"description":"Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","metrics":{"baseScore":9.1,"exploitabilityScore":3.9,"impactScore":5.2},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:P","metrics":{"baseScore":6.4,"exploitabilityScore":10,"impactScore":5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-10744","epss":0.01176,"percentile":0.78091,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"lodash","version":"2.4.2"}},"found":{"vulnerabilityID":"GHSA-jf85-cpcp-j695","versionConstraint":"<4.17.12 (semantic)"},"fix":{"suggestedVersion":"4.17.12"}}],"artifact":{"id":"dbbb92a4d9c4d340","name":"lodash","version":"2.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:lodash:lodash:2.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/lodash@2.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-xwcq-pm8m-c4vf","dataSource":"https://github.com/advisories/GHSA-xwcq-pm8m-c4vf","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":9.1,"exploitabilityScore":3.9,"impactScore":5.2},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-46233","epss":0.00963,"percentile":0.75812,"date":"2025-10-02"}],"fix":{"versions":["4.2.0"],"state":"fixed","available":[{"version":"4.2.0","date":"2023-10-26","kind":"first-observed"}]},"advisories":[],"risk":0.8715149999999999},"relatedVulnerabilities":[{"id":"CVE-2023-46233","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2023-46233","namespace":"nvd:cpe","severity":"Critical","urls":["https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a","https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf","https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html","https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a","https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf","https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html"],"description":"crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":9.1,"exploitabilityScore":3.9,"impactScore":5.2},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":9.1,"exploitabilityScore":3.9,"impactScore":5.2},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-46233","epss":0.00963,"percentile":0.75812,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"crypto-js","version":"3.3.0"}},"found":{"vulnerabilityID":"GHSA-xwcq-pm8m-c4vf","versionConstraint":"<4.2.0 (semantic)"},"fix":{"suggestedVersion":"4.2.0"}}],"artifact":{"id":"c00a8b8b043aae72","name":"crypto-js","version":"3.3.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/crypto-js/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/crypto-js/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:crypto-js:crypto-js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:crypto-js:crypto_js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:crypto_js:crypto-js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:crypto_js:crypto_js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:crypto:crypto-js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:crypto:crypto_js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:brix:crypto-js:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:brix:crypto_js:3.3.0:*:*:*:*:*:*:*"],"purl":"pkg:npm/crypto-js@3.3.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-87vv-r9j6-g5qv","dataSource":"https://github.com/advisories/GHSA-87vv-r9j6-g5qv","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Regular Expression Denial of Service in moment","cvss":[{"type":"Secondary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2016-4055","epss":0.01352,"percentile":0.79521,"date":"2025-10-02"}],"fix":{"versions":["2.11.2"],"state":"fixed","available":[{"version":"2.11.2","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":0.7774},"relatedVulnerabilities":[{"id":"CVE-2016-4055","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2016-4055","namespace":"nvd:cpe","severity":"Medium","urls":["http://www.openwall.com/lists/oss-security/2016/04/20/11","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/95849","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E","https://nodesecurity.io/advisories/55","https://www.tenable.com/security/tns-2019-02","http://www.openwall.com/lists/oss-security/2016/04/20/11","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/95849","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E","https://nodesecurity.io/advisories/55","https://www.tenable.com/security/tns-2019-02"],"description":"The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a \"regular expression Denial of Service (ReDoS).\"","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","metrics":{"baseScore":7.8,"exploitabilityScore":10,"impactScore":6.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2016-4055","epss":0.01352,"percentile":0.79521,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"moment","version":"2.0.0"}},"found":{"vulnerabilityID":"GHSA-87vv-r9j6-g5qv","versionConstraint":"<2.11.2 (semantic)"},"fix":{"suggestedVersion":"2.11.2"}}],"artifact":{"id":"fb07dad56d7726f5","name":"moment","version":"2.0.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/moment/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/moment/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:momentjs:moment:2.0.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/moment@2.0.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-rm97-x556-q36h","dataSource":"https://github.com/advisories/GHSA-rm97-x556-q36h","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"sanitize-html Information Exposure vulnerability","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-21501","epss":0.01341,"percentile":0.79414,"date":"2025-10-02"}],"fix":{"versions":["2.12.1"],"state":"fixed","available":[{"version":"2.12.1","date":"2024-03-02","kind":"first-observed"}]},"advisories":[],"risk":0.690615},"relatedVulnerabilities":[{"id":"CVE-2024-21501","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-21501","namespace":"nvd:cpe","severity":"Medium","urls":["https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf","https://github.com/apostrophecms/apostrophe/discussions/4436","https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4","https://github.com/apostrophecms/sanitize-html/pull/650","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557","https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334","https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf","https://github.com/apostrophecms/apostrophe/discussions/4436","https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4","https://github.com/apostrophecms/sanitize-html/pull/650","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557","https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334"],"description":"Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"report@snyk.io","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-21501","epss":0.01341,"percentile":0.79414,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-rm97-x556-q36h","versionConstraint":"<2.12.1 (semantic)"},"fix":{"suggestedVersion":"2.12.1"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-8hfj-j24r-96c4","dataSource":"https://github.com/advisories/GHSA-8hfj-j24r-96c4","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Path Traversal: 'dir/../../filename' in moment.locale","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-24785","epss":0.00694,"percentile":0.71131,"date":"2025-10-02"}],"fix":{"versions":["2.29.2"],"state":"fixed","available":[{"version":"2.29.2","date":"2022-04-09","kind":"first-observed"}]},"advisories":[],"risk":0.5205},"relatedVulnerabilities":[{"id":"CVE-2022-24785","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-24785","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/","https://security.netapp.com/advisory/ntap-20220513-0006/","https://www.tenable.com/security/tns-2022-09","https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/","https://security.netapp.com/advisory/ntap-20220513-0006/","https://www.tenable.com/security/tns-2022-09"],"description":"Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-24785","epss":0.00694,"percentile":0.71131,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"moment","version":"2.0.0"}},"found":{"vulnerabilityID":"GHSA-8hfj-j24r-96c4","versionConstraint":"<2.29.2 (semantic)"},"fix":{"suggestedVersion":"2.29.2"}}],"artifact":{"id":"fb07dad56d7726f5","name":"moment","version":"2.0.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/moment/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/moment/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:momentjs:moment:2.0.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/moment@2.0.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-pfrx-2q88-qq97","dataSource":"https://github.com/advisories/GHSA-pfrx-2q88-qq97","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Got allows a redirect to a UNIX socket","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-33987","epss":0.00788,"percentile":0.73151,"date":"2025-10-02"}],"fix":{"versions":["11.8.5"],"state":"fixed","available":[{"version":"11.8.5","date":"2022-06-22","kind":"first-observed"}]},"advisories":[],"risk":0.40581999999999996},"relatedVulnerabilities":[{"id":"CVE-2022-33987","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-33987","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0","https://github.com/sindresorhus/got/pull/2047","https://github.com/sindresorhus/got/releases/tag/v11.8.5","https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0","https://github.com/sindresorhus/got/pull/2047","https://github.com/sindresorhus/got/releases/tag/v11.8.5"],"description":"The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-33987","epss":0.00788,"percentile":0.73151,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"got","version":"8.3.2"}},"found":{"vulnerabilityID":"GHSA-pfrx-2q88-qq97","versionConstraint":"<11.8.5 (semantic)"},"fix":{"suggestedVersion":"11.8.5"}}],"artifact":{"id":"5bd1b0995776246c","name":"got","version":"8.3.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/got/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/got/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:got:got:8.3.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/got@8.3.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-3h5v-q93c-6h6q","dataSource":"https://github.com/advisories/GHSA-3h5v-q93c-6h6q","namespace":"github:language:javascript","severity":"High","urls":[],"description":"ws affected by a DoS when handling a request with many HTTP headers","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-37890","epss":0.00541,"percentile":0.66822,"date":"2025-10-02"}],"fix":{"versions":["7.5.10"],"state":"fixed","available":[{"version":"7.5.10","date":"2024-06-18","kind":"first-observed"}]},"advisories":[],"risk":0.40575000000000006},"relatedVulnerabilities":[{"id":"CVE-2024-37890","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-37890","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f","https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e","https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c","https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63","https://github.com/websockets/ws/issues/2230","https://github.com/websockets/ws/pull/2231","https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q","https://nodejs.org/api/http.html#servermaxheaderscount","https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f","https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e","https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c","https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63","https://github.com/websockets/ws/issues/2230","https://github.com/websockets/ws/pull/2231","https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q","https://nodejs.org/api/http.html#servermaxheaderscount"],"description":"ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-37890","epss":0.00541,"percentile":0.66822,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"ws","version":"7.4.6"}},"found":{"vulnerabilityID":"GHSA-3h5v-q93c-6h6q","versionConstraint":">=7.0.0,<7.5.10 (semantic)"},"fix":{"suggestedVersion":"7.5.10"}}],"artifact":{"id":"670482146c83d660","name":"ws","version":"7.4.6","type":"npm","locations":[{"path":"/juice-shop/node_modules/engine.io/node_modules/ws/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/engine.io/node_modules/ws/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:ws_project:ws:7.4.6:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/ws@7.4.6","upstreams":[]}},{"vulnerability":{"id":"GHSA-p5gc-c584-jj6v","dataSource":"https://github.com/advisories/GHSA-p5gc-c584-jj6v","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"vm2 vulnerable to Inspect Manipulation","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-32313","epss":0.00653,"percentile":0.70147,"date":"2025-10-02"}],"fix":{"versions":["3.9.18"],"state":"fixed","available":[{"version":"3.9.18","date":"2023-05-18","kind":"first-observed"}]},"advisories":[],"risk":0.33629500000000007},"relatedVulnerabilities":[{"id":"CVE-2023-32313","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2023-32313","namespace":"nvd:cpe","severity":"Medium","urls":["https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550","https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238","https://github.com/patriksimek/vm2/releases/tag/3.9.18","https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v","https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550","https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238","https://github.com/patriksimek/vm2/releases/tag/3.9.18","https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v"],"description":"vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-32313","epss":0.00653,"percentile":0.70147,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"vm2","version":"3.9.17"}},"found":{"vulnerabilityID":"GHSA-p5gc-c584-jj6v","versionConstraint":"<3.9.18 (semantic)"},"fix":{"suggestedVersion":"3.9.18"}}],"artifact":{"id":"9137ec7afce7bb08","name":"vm2","version":"3.9.17","type":"npm","locations":[{"path":"/juice-shop/node_modules/vm2/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/vm2/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:vm2_project:vm2:3.9.17:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/vm2@3.9.17","upstreams":[]}},{"vulnerability":{"id":"GHSA-35jh-r3h4-6jhm","dataSource":"https://github.com/advisories/GHSA-35jh-r3h4-6jhm","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Command Injection in lodash","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":7.2,"exploitabilityScore":1.3,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-23337","epss":0.00322,"percentile":0.54852,"date":"2025-10-02"}],"fix":{"versions":["4.17.21"],"state":"fixed","available":[{"version":"4.17.21","date":"2021-05-07","kind":"first-observed"}]},"advisories":[],"risk":0.23667000000000002},"relatedVulnerabilities":[{"id":"CVE-2021-23337","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2021-23337","namespace":"nvd:cpe","severity":"High","urls":["https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851","https://security.netapp.com/advisory/ntap-20210312-0006/","https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929","https://snyk.io/vuln/SNYK-JS-LODASH-1040724","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851","https://security.netapp.com/advisory/ntap-20210312-0006/","https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929","https://snyk.io/vuln/SNYK-JS-LODASH-1040724","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"description":"Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":7.2,"exploitabilityScore":1.3,"impactScore":5.9},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","metrics":{"baseScore":6.5,"exploitabilityScore":8,"impactScore":6.5},"vendorMetadata":{}},{"source":"report@snyk.io","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":7.2,"exploitabilityScore":1.3,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-23337","epss":0.00322,"percentile":0.54852,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"lodash","version":"2.4.2"}},"found":{"vulnerabilityID":"GHSA-35jh-r3h4-6jhm","versionConstraint":"<4.17.21 (semantic)"},"fix":{"suggestedVersion":"4.17.21"}}],"artifact":{"id":"dbbb92a4d9c4d340","name":"lodash","version":"2.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:lodash:lodash:2.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/lodash@2.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-446m-mv8f-q348","dataSource":"https://github.com/advisories/GHSA-446m-mv8f-q348","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Regular Expression Denial of Service in moment","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2017-18214","epss":0.00243,"percentile":0.47745,"date":"2025-10-02"}],"fix":{"versions":["2.19.3"],"state":"fixed","available":[{"version":"2.19.3","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":0.18225},"relatedVulnerabilities":[{"id":"CVE-2017-18214","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2017-18214","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/moment/moment/issues/4163","https://nodesecurity.io/advisories/532","https://www.tenable.com/security/tns-2019-02","https://github.com/moment/moment/issues/4163","https://nodesecurity.io/advisories/532","https://www.tenable.com/security/tns-2019-02"],"description":"The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2017-18214","epss":0.00243,"percentile":0.47745,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"moment","version":"2.0.0"}},"found":{"vulnerabilityID":"GHSA-446m-mv8f-q348","versionConstraint":"<2.19.3 (semantic)"},"fix":{"suggestedVersion":"2.19.3"}}],"artifact":{"id":"fb07dad56d7726f5","name":"moment","version":"2.0.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/moment/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/moment/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:momentjs:moment:2.0.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/moment@2.0.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-3j7m-hmh3-9jmp","dataSource":"https://github.com/advisories/GHSA-3j7m-hmh3-9jmp","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Cross-Site Scripting in sanitize-html","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","metrics":{"baseScore":6.1,"exploitabilityScore":2.9,"impactScore":2.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2016-1000237","epss":0.00328,"percentile":0.55335,"date":"2025-10-02"}],"fix":{"versions":["1.4.3"],"state":"fixed","available":[{"version":"1.4.3","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":0.18203999999999998},"relatedVulnerabilities":[{"id":"CVE-2016-1000237","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000237","namespace":"nvd:cpe","severity":"Medium","urls":["https://nodesecurity.io/advisories/135","https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json","https://nodesecurity.io/advisories/135","https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json"],"description":"sanitize-html before 1.4.3 has XSS.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","metrics":{"baseScore":6.1,"exploitabilityScore":2.9,"impactScore":2.8},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2016-1000237","epss":0.00328,"percentile":0.55335,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-3j7m-hmh3-9jmp","versionConstraint":"<1.4.3 (semantic)"},"fix":{"suggestedVersion":"1.4.3"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-8g4m-cjm2-96wq","dataSource":"https://github.com/advisories/GHSA-8g4m-cjm2-96wq","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Sandbox escape in notevil and argencoders-notevil","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","metrics":{"baseScore":6.5,"exploitabilityScore":3.9,"impactScore":2.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-23771","epss":0.00304,"percentile":0.53363,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.1748},"relatedVulnerabilities":[{"id":"CVE-2021-23771","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2021-23771","namespace":"nvd:cpe","severity":"Medium","urls":["https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587","https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946","https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587","https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946"],"description":"This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","metrics":{"baseScore":6.5,"exploitabilityScore":3.9,"impactScore":2.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","metrics":{"baseScore":6.4,"exploitabilityScore":10,"impactScore":5},"vendorMetadata":{}},{"source":"report@snyk.io","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","metrics":{"baseScore":6.5,"exploitabilityScore":3.9,"impactScore":2.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-23771","epss":0.00304,"percentile":0.53363,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"notevil","version":"1.3.3"}},"found":{"vulnerabilityID":"GHSA-8g4m-cjm2-96wq","versionConstraint":"<=1.3.3 (semantic)"}}],"artifact":{"id":"06d4740823f7ae47","name":"notevil","version":"1.3.3","type":"npm","locations":[{"path":"/juice-shop/node_modules/notevil/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/notevil/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:notevil_project:notevil:1.3.3:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/notevil@1.3.3","upstreams":[]}},{"vulnerability":{"id":"GHSA-4xc9-xhrj-v574","dataSource":"https://github.com/advisories/GHSA-4xc9-xhrj-v574","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Prototype Pollution in lodash","cvss":[],"epss":[{"cve":"CVE-2018-16487","epss":0.00207,"percentile":0.43286,"date":"2025-10-02"}],"fix":{"versions":["4.17.11"],"state":"fixed","available":[{"version":"4.17.11","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":0.15524999999999997},"relatedVulnerabilities":[{"id":"CVE-2018-16487","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2018-16487","namespace":"nvd:cpe","severity":"Medium","urls":["https://hackerone.com/reports/380873","https://security.netapp.com/advisory/ntap-20190919-0004/","https://hackerone.com/reports/380873","https://security.netapp.com/advisory/ntap-20190919-0004/"],"description":"A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":5.6,"exploitabilityScore":2.3,"impactScore":3.4},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","metrics":{"baseScore":6.8,"exploitabilityScore":8.6,"impactScore":6.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2018-16487","epss":0.00207,"percentile":0.43286,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"lodash","version":"2.4.2"}},"found":{"vulnerabilityID":"GHSA-4xc9-xhrj-v574","versionConstraint":"<4.17.11 (semantic)"},"fix":{"suggestedVersion":"4.17.11"}}],"artifact":{"id":"dbbb92a4d9c4d340","name":"lodash","version":"2.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:lodash:lodash:2.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/lodash@2.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-mjxr-4v3x-q3m4","dataSource":"https://github.com/advisories/GHSA-mjxr-4v3x-q3m4","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Improper Input Validation in sanitize-html","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-26540","epss":0.00288,"percentile":0.52121,"date":"2025-10-02"}],"fix":{"versions":["2.3.2"],"state":"fixed","available":[{"version":"2.3.2","date":"2021-05-07","kind":"first-observed"}]},"advisories":[],"risk":0.14832},"relatedVulnerabilities":[{"id":"CVE-2021-26540","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2021-26540","namespace":"nvd:cpe","severity":"Medium","urls":["https://advisory.checkmarx.net/advisory/CX-2021-4309","https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26","https://github.com/apostrophecms/sanitize-html/pull/460","https://advisory.checkmarx.net/advisory/CX-2021-4309","https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26","https://github.com/apostrophecms/sanitize-html/pull/460"],"description":"Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-26540","epss":0.00288,"percentile":0.52121,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-mjxr-4v3x-q3m4","versionConstraint":"<2.3.2 (semantic)"},"fix":{"suggestedVersion":"2.3.2"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-rjqq-98f6-6j3r","dataSource":"https://github.com/advisories/GHSA-rjqq-98f6-6j3r","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Improper Input Validation in sanitize-html","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-26539","epss":0.00288,"percentile":0.52121,"date":"2025-10-02"}],"fix":{"versions":["2.3.1"],"state":"fixed","available":[{"version":"2.3.1","date":"2021-05-07","kind":"first-observed"}]},"advisories":[],"risk":0.14832},"relatedVulnerabilities":[{"id":"CVE-2021-26539","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2021-26539","namespace":"nvd:cpe","severity":"Medium","urls":["https://advisory.checkmarx.net/advisory/CX-2021-4308","https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22","https://github.com/apostrophecms/sanitize-html/pull/458","https://advisory.checkmarx.net/advisory/CX-2021-4308","https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22","https://github.com/apostrophecms/sanitize-html/pull/458"],"description":"Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2021-26539","epss":0.00288,"percentile":0.52121,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-rjqq-98f6-6j3r","versionConstraint":"<2.3.1 (semantic)"},"fix":{"suggestedVersion":"2.3.1"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-xc6g-ggrc-qq4r","dataSource":"https://github.com/advisories/GHSA-xc6g-ggrc-qq4r","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Cross-Site Scripting in sanitize-html","cvss":[],"epss":[{"cve":"CVE-2017-16016","epss":0.00286,"percentile":0.51891,"date":"2025-10-02"}],"fix":{"versions":["1.11.4"],"state":"fixed","available":[{"version":"1.11.4","date":"2021-03-30","kind":"first-observed"}]},"advisories":[],"risk":0.14300000000000002},"relatedVulnerabilities":[{"id":"CVE-2017-16016","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2017-16016","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403","https://github.com/punkave/sanitize-html/issues/100","https://nodesecurity.io/advisories/154","https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403","https://github.com/punkave/sanitize-html/issues/100","https://nodesecurity.io/advisories/154"],"description":"Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","metrics":{"baseScore":6.1,"exploitabilityScore":2.9,"impactScore":2.8},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2017-16016","epss":0.00286,"percentile":0.51891,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-xc6g-ggrc-qq4r","versionConstraint":"<=1.11.1 (semantic)"},"fix":{"suggestedVersion":"1.11.4"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-grv7-fg5c-xmjg","dataSource":"https://github.com/advisories/GHSA-grv7-fg5c-xmjg","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Uncontrolled resource consumption in braces","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-4068","epss":0.00159,"percentile":0.37538,"date":"2025-10-02"}],"fix":{"versions":["3.0.3"],"state":"fixed","available":[{"version":"3.0.3","date":"2024-06-11","kind":"first-observed"}]},"advisories":[],"risk":0.11925},"relatedVulnerabilities":[{"id":"CVE-2024-4068","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-4068","namespace":"nvd:cpe","severity":"High","urls":["https://devhub.checkmarx.com/cve-details/CVE-2024-4068/","https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff","https://github.com/micromatch/braces/issues/35","https://github.com/micromatch/braces/pull/37","https://github.com/micromatch/braces/pull/40","https://devhub.checkmarx.com/cve-details/CVE-2024-4068/","https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff","https://github.com/micromatch/braces/issues/35","https://github.com/micromatch/braces/pull/37","https://github.com/micromatch/braces/pull/40"],"description":"The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.","cvss":[{"source":"596c5446-0ce5-4ba2-aa66-48b3b757a647","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-4068","epss":0.00159,"percentile":0.37538,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"braces","version":"2.3.2"}},"found":{"vulnerabilityID":"GHSA-grv7-fg5c-xmjg","versionConstraint":"<3.0.3 (semantic)"},"fix":{"suggestedVersion":"3.0.3"}}],"artifact":{"id":"e18c817c2057c675","name":"braces","version":"2.3.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/braces/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/braces/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:braces_project:braces:2.3.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/braces@2.3.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-rc47-6667-2j5j","dataSource":"https://github.com/advisories/GHSA-rc47-6667-2j5j","namespace":"github:language:javascript","severity":"High","urls":[],"description":"http-cache-semantics vulnerable to Regular Expression Denial of Service","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-25881","epss":0.00159,"percentile":0.37495,"date":"2025-10-02"}],"fix":{"versions":["4.1.1"],"state":"fixed","available":[{"version":"4.1.1","date":"2023-02-03","kind":"first-observed"}]},"advisories":[],"risk":0.11925},"relatedVulnerabilities":[{"id":"CVE-2022-25881","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-25881","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83","https://security.netapp.com/advisory/ntap-20230622-0008/","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332","https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783","https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83","https://security.netapp.com/advisory/ntap-20230622-0008/","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332","https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783"],"description":"This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"report@snyk.io","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-25881","epss":0.00159,"percentile":0.37495,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"http-cache-semantics","version":"3.8.1"}},"found":{"vulnerabilityID":"GHSA-rc47-6667-2j5j","versionConstraint":"<4.1.1 (semantic)"},"fix":{"suggestedVersion":"4.1.1"}}],"artifact":{"id":"bd9e0a0c5346494e","name":"http-cache-semantics","version":"3.8.1","type":"npm","locations":[{"path":"/juice-shop/node_modules/http-cache-semantics/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/http-cache-semantics/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["BSD-2-Clause"],"cpes":["cpe:2.3:a:http-cache-semantics_project:http-cache-semantics:3.8.1:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/http-cache-semantics@3.8.1","upstreams":[]}},{"vulnerability":{"id":"GHSA-f5x3-32g6-xq36","dataSource":"https://github.com/advisories/GHSA-f5x3-32g6-xq36","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Denial of service while parsing a tar file due to lack of folders count validation","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-28863","epss":0.00198,"percentile":0.42237,"date":"2025-10-02"}],"fix":{"versions":["6.2.1"],"state":"fixed","available":[{"version":"6.2.1","date":"2024-04-10","kind":"first-observed"}]},"advisories":[],"risk":0.11384999999999999},"relatedVulnerabilities":[{"id":"CVE-2024-28863","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-28863","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7","https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36","https://security.netapp.com/advisory/ntap-20240524-0005/","https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7","https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36","https://security.netapp.com/advisory/ntap-20240524-0005/"],"description":"node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-28863","epss":0.00198,"percentile":0.42237,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"tar","version":"4.4.19"}},"found":{"vulnerabilityID":"GHSA-f5x3-32g6-xq36","versionConstraint":"<6.2.1 (semantic)"},"fix":{"suggestedVersion":"6.2.1"}}],"artifact":{"id":"f42c59d94c10b95d","name":"tar","version":"4.4.19","type":"npm","locations":[{"path":"/juice-shop/node_modules/node-pre-gyp/node_modules/tar/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/node-pre-gyp/node_modules/tar/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["ISC"],"cpes":["cpe:2.3:a:tar_project:tar:4.4.19:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/tar@4.4.19","upstreams":[]}},{"vulnerability":{"id":"GHSA-cqmj-92xf-r6r9","dataSource":"https://github.com/advisories/GHSA-cqmj-92xf-r6r9","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Insufficient validation when decoding a Socket.IO packet","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":7.3,"exploitabilityScore":3.9,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-32695","epss":0.00162,"percentile":0.37918,"date":"2025-10-02"}],"fix":{"versions":["4.2.3"],"state":"fixed","available":[{"version":"4.2.3","date":"2023-05-24","kind":"first-observed"}]},"advisories":[],"risk":0.09962999999999998},"relatedVulnerabilities":[{"id":"CVE-2023-32695","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2023-32695","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced","https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3","https://github.com/socketio/socket.io-parser/releases/tag/4.2.3","https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9","https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced","https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3","https://github.com/socketio/socket.io-parser/releases/tag/4.2.3","https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"],"description":"socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":7.3,"exploitabilityScore":3.9,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2023-32695","epss":0.00162,"percentile":0.37918,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"socket.io-parser","version":"4.0.5"}},"found":{"vulnerabilityID":"GHSA-cqmj-92xf-r6r9","versionConstraint":">=4.0.4,<4.2.3 (semantic)"},"fix":{"suggestedVersion":"4.2.3"}}],"artifact":{"id":"dd154d7bfbaea09c","name":"socket.io-parser","version":"4.0.5","type":"npm","locations":[{"path":"/juice-shop/node_modules/socket.io-parser/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/socket.io-parser/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:socket:socket.io-parser:4.0.5:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/socket.io-parser@4.0.5","upstreams":[]}},{"vulnerability":{"id":"CVE-2018-20796","dataSource":"https://security-tracker.debian.org/tracker/CVE-2018-20796","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.","cvss":[],"epss":[{"cve":"CVE-2018-20796","epss":0.01835,"percentile":0.82335,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.09175000000000001},"relatedVulnerabilities":[{"id":"CVE-2018-20796","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2018-20796","namespace":"nvd:cpe","severity":"High","urls":["http://www.securityfocus.com/bid/107160","https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141","https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html","https://security.netapp.com/advisory/ntap-20190315-0002/","https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS","http://www.securityfocus.com/bid/107160","https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141","https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html","https://security.netapp.com/advisory/ntap-20190315-0002/","https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS"],"description":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2018-20796","epss":0.01835,"percentile":0.82335,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2018-20796","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"GHSA-fvqr-27wr-82fm","dataSource":"https://github.com/advisories/GHSA-fvqr-27wr-82fm","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Prototype Pollution in lodash","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2018-3721","epss":0.00139,"percentile":0.34818,"date":"2025-10-02"}],"fix":{"versions":["4.17.5"],"state":"fixed","available":[{"version":"4.17.5","date":"2020-07-28","kind":"first-observed"}]},"advisories":[],"risk":0.079925},"relatedVulnerabilities":[{"id":"CVE-2018-3721","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2018-3721","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a","https://hackerone.com/reports/310443","https://security.netapp.com/advisory/ntap-20190919-0004/","https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a","https://hackerone.com/reports/310443","https://security.netapp.com/advisory/ntap-20190919-0004/"],"description":"lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","metrics":{"baseScore":6.5,"exploitabilityScore":2.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:S/C:N/I:P/A:N","metrics":{"baseScore":4,"exploitabilityScore":8,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2018-3721","epss":0.00139,"percentile":0.34818,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"lodash","version":"2.4.2"}},"found":{"vulnerabilityID":"GHSA-fvqr-27wr-82fm","versionConstraint":"<4.17.5 (semantic)"},"fix":{"suggestedVersion":"4.17.5"}}],"artifact":{"id":"dbbb92a4d9c4d340","name":"lodash","version":"2.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:lodash:lodash:2.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/lodash@2.4.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-6g6m-m6h5-w9gf","dataSource":"https://github.com/advisories/GHSA-6g6m-m6h5-w9gf","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Authorization bypass in express-jwt","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","metrics":{"baseScore":7.7,"exploitabilityScore":1.3,"impactScore":5.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2020-15084","epss":0.00095,"percentile":0.27566,"date":"2025-10-02"}],"fix":{"versions":["6.0.0"],"state":"fixed","available":[{"version":"6.0.0","date":"2021-03-30","kind":"first-observed"}]},"advisories":[],"risk":0.0722},"relatedVulnerabilities":[{"id":"CVE-2020-15084","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2020-15084","namespace":"nvd:cpe","severity":"Critical","urls":["https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef","https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf","https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef","https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"],"description":"In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":9.1,"exploitabilityScore":3.9,"impactScore":5.2},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","metrics":{"baseScore":7.7,"exploitabilityScore":1.3,"impactScore":5.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2020-15084","epss":0.00095,"percentile":0.27566,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"express-jwt","version":"0.1.3"}},"found":{"vulnerabilityID":"GHSA-6g6m-m6h5-w9gf","versionConstraint":"<=5.3.3 (semantic)"},"fix":{"suggestedVersion":"6.0.0"}}],"artifact":{"id":"b057e452c5702954","name":"express-jwt","version":"0.1.3","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:express-jwt:0.1.3:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/express-jwt@0.1.3","upstreams":[]}},{"vulnerability":{"id":"GHSA-25hc-qcg6-38wj","dataSource":"https://github.com/advisories/GHSA-25hc-qcg6-38wj","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"socket.io has an unhandled 'error' event","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":7.3,"exploitabilityScore":3.9,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-38355","epss":0.001,"percentile":0.28479,"date":"2025-10-02"}],"fix":{"versions":["4.6.2"],"state":"fixed","available":[{"version":"4.6.2","date":"2024-06-20","kind":"first-observed"}]},"advisories":[],"risk":0.0615},"relatedVulnerabilities":[{"id":"CVE-2024-38355","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-38355","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115","https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c","https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj","https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115","https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c","https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj","https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355"],"description":"Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the \"error\" event to catch these errors.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":7.3,"exploitabilityScore":3.9,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-38355","epss":0.001,"percentile":0.28479,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"socket.io","version":"3.1.2"}},"found":{"vulnerabilityID":"GHSA-25hc-qcg6-38wj","versionConstraint":">=3.0.0,<4.6.2 (semantic)"},"fix":{"suggestedVersion":"4.6.2"}}],"artifact":{"id":"a59f241f8d484687","name":"socket.io","version":"3.1.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/socket.io/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/socket.io/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:socket:socket.io:3.1.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/socket.io@3.1.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-952p-6rrq-rcjv","dataSource":"https://github.com/advisories/GHSA-952p-6rrq-rcjv","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Regular Expression Denial of Service (ReDoS) in micromatch","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-4067","epss":0.00105,"percentile":0.2929,"date":"2025-10-02"}],"fix":{"versions":["4.0.8"],"state":"fixed","available":[{"version":"4.0.8","date":"2024-08-24","kind":"first-observed"}]},"advisories":[],"risk":0.054075},"relatedVulnerabilities":[{"id":"CVE-2024-4067","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-4067","namespace":"nvd:cpe","severity":"Medium","urls":["https://advisory.checkmarx.net/advisory/CVE-2024-4067/","https://devhub.checkmarx.com/cve-details/CVE-2024-4067/","https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade","https://github.com/micromatch/micromatch/pull/266","https://github.com/micromatch/micromatch/releases/tag/4.0.8","https://devhub.checkmarx.com/cve-details/CVE-2024-4067/","https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448","https://github.com/micromatch/micromatch/issues/243","https://github.com/micromatch/micromatch/pull/247"],"description":"The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"596c5446-0ce5-4ba2-aa66-48b3b757a647","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-4067","epss":0.00105,"percentile":0.2929,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"micromatch","version":"3.1.10"}},"found":{"vulnerabilityID":"GHSA-952p-6rrq-rcjv","versionConstraint":"<4.0.8 (semantic)"},"fix":{"suggestedVersion":"4.0.8"}}],"artifact":{"id":"2f60ee768b1461a2","name":"micromatch","version":"3.1.10","type":"npm","locations":[{"path":"/juice-shop/node_modules/micromatch/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/micromatch/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:micromatch:micromatch:3.1.10:*:*:*:*:*:*:*"],"purl":"pkg:npm/micromatch@3.1.10","upstreams":[]}},{"vulnerability":{"id":"GHSA-vj76-c3g6-qr5v","dataSource":"https://github.com/advisories/GHSA-vj76-c3g6-qr5v","namespace":"github:language:javascript","severity":"High","urls":[],"description":"tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball","cvss":[],"epss":[{"cve":"CVE-2025-59343","epss":0.00066,"percentile":0.20898,"date":"2025-10-02"}],"fix":{"versions":["2.1.4"],"state":"fixed","available":[{"version":"2.1.4","date":"2025-09-27","kind":"first-observed"}]},"advisories":[],"risk":0.0495},"relatedVulnerabilities":[{"id":"CVE-2025-59343","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-59343","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09","https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"],"description":"tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":8.7},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-59343","epss":0.00066,"percentile":0.20898,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"tar-fs","version":"2.1.3"}},"found":{"vulnerabilityID":"GHSA-vj76-c3g6-qr5v","versionConstraint":">=2.0.0,<2.1.4 (semantic)"},"fix":{"suggestedVersion":"2.1.4"}}],"artifact":{"id":"9680d7d122bfb97a","name":"tar-fs","version":"2.1.3","type":"npm","locations":[{"path":"/juice-shop/node_modules/tar-fs/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/tar-fs/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:mafintosh:tar-fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:mafintosh:tar_fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:tar-fs:tar-fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:tar-fs:tar_fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:tar_fs:tar-fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:tar_fs:tar_fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:tar:tar-fs:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:tar:tar_fs:2.1.3:*:*:*:*:*:*:*"],"purl":"pkg:npm/tar-fs@2.1.3","upstreams":[]}},{"vulnerability":{"id":"GHSA-g5hg-p3ph-g8qg","dataSource":"https://github.com/advisories/GHSA-g5hg-p3ph-g8qg","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Multer vulnerable to Denial of Service via unhandled exception","cvss":[],"epss":[{"cve":"CVE-2025-48997","epss":0.00063,"percentile":0.2007,"date":"2025-10-02"}],"fix":{"versions":["2.0.1"],"state":"fixed","available":[{"version":"2.0.1","date":"2025-06-05","kind":"first-observed"}]},"advisories":[],"risk":0.04725000000000001},"relatedVulnerabilities":[{"id":"CVE-2025-48997","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-48997","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9","https://github.com/expressjs/multer/issues/1233","https://github.com/expressjs/multer/pull/1256","https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg"],"description":"Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":8.7},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-48997","epss":0.00063,"percentile":0.2007,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"multer","version":"1.4.5-lts.2"}},"found":{"vulnerabilityID":"GHSA-g5hg-p3ph-g8qg","versionConstraint":">=1.4.4-lts.1,<2.0.1 (semantic)"},"fix":{"suggestedVersion":"2.0.1"}}],"artifact":{"id":"cce9b5dd2cb3fe54","name":"multer","version":"1.4.5-lts.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/multer/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/multer/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/multer@1.4.5-lts.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-8cf7-32gw-wr33","dataSource":"https://github.com/advisories/GHSA-8cf7-32gw-wr33","namespace":"github:language:javascript","severity":"High","urls":[],"description":"jsonwebtoken unrestricted key type could lead to legacy keys usage","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":8.1,"exploitabilityScore":2.9,"impactScore":5.2},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23539","epss":0.00058,"percentile":0.18525,"date":"2025-10-02"}],"fix":{"versions":["9.0.0"],"state":"fixed","available":[{"version":"9.0.0","date":"2022-12-23","kind":"first-observed"}]},"advisories":[],"risk":0.04524},"relatedVulnerabilities":[{"id":"CVE-2022-23539","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-23539","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33","https://security.netapp.com/advisory/ntap-20240621-0007/","https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33","https://security.netapp.com/advisory/ntap-20240621-0007/"],"description":"Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":8.1,"exploitabilityScore":2.9,"impactScore":5.2},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N","metrics":{"baseScore":5.9,"exploitabilityScore":1.7,"impactScore":4.3},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23539","epss":0.00058,"percentile":0.18525,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.1.0"}},"found":{"vulnerabilityID":"GHSA-8cf7-32gw-wr33","versionConstraint":"<=8.5.1 (semantic)"},"fix":{"suggestedVersion":"9.0.0"}}],"artifact":{"id":"c29669d438fb9e38","name":"jsonwebtoken","version":"0.1.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.1.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.1.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-8cf7-32gw-wr33","dataSource":"https://github.com/advisories/GHSA-8cf7-32gw-wr33","namespace":"github:language:javascript","severity":"High","urls":[],"description":"jsonwebtoken unrestricted key type could lead to legacy keys usage","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":8.1,"exploitabilityScore":2.9,"impactScore":5.2},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23539","epss":0.00058,"percentile":0.18525,"date":"2025-10-02"}],"fix":{"versions":["9.0.0"],"state":"fixed","available":[{"version":"9.0.0","date":"2022-12-23","kind":"first-observed"}]},"advisories":[],"risk":0.04524},"relatedVulnerabilities":[{"id":"CVE-2022-23539","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-23539","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33","https://security.netapp.com/advisory/ntap-20240621-0007/","https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33","https://security.netapp.com/advisory/ntap-20240621-0007/"],"description":"Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","metrics":{"baseScore":8.1,"exploitabilityScore":2.9,"impactScore":5.2},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N","metrics":{"baseScore":5.9,"exploitabilityScore":1.7,"impactScore":4.3},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23539","epss":0.00058,"percentile":0.18525,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.4.0"}},"found":{"vulnerabilityID":"GHSA-8cf7-32gw-wr33","versionConstraint":"<=8.5.1 (semantic)"},"fix":{"suggestedVersion":"9.0.0"}}],"artifact":{"id":"1e23bc54c16fbe6d","name":"jsonwebtoken","version":"0.4.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.4.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.4.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-cgfm-xwp7-2cvr","dataSource":"https://github.com/advisories/GHSA-cgfm-xwp7-2cvr","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Sanitize-html Vulnerable To REDoS Attacks","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-25887","epss":0.00056,"percentile":0.17706,"date":"2025-10-02"}],"fix":{"versions":["2.7.1"],"state":"fixed","available":[{"version":"2.7.1","date":"2024-04-23","kind":"first-observed"}]},"advisories":[],"risk":0.041999999999999996},"relatedVulnerabilities":[{"id":"CVE-2022-25887","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-25887","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c","https://github.com/apostrophecms/sanitize-html/pull/557","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102","https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526","https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c","https://github.com/apostrophecms/sanitize-html/pull/557","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102","https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526"],"description":"The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"report@snyk.io","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-25887","epss":0.00056,"percentile":0.17706,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-cgfm-xwp7-2cvr","versionConstraint":"<2.7.1 (semantic)"},"fix":{"suggestedVersion":"2.7.1"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"CVE-2019-1010023","dataSource":"https://security-tracker.debian.org/tracker/CVE-2019-1010023","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.","cvss":[],"epss":[{"cve":"CVE-2019-1010023","epss":0.00722,"percentile":0.71808,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.0361},"relatedVulnerabilities":[{"id":"CVE-2019-1010023","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-1010023","namespace":"nvd:cpe","severity":"High","urls":["http://www.securityfocus.com/bid/109167","https://security-tracker.debian.org/tracker/CVE-2019-1010023","https://sourceware.org/bugzilla/show_bug.cgi?id=22851","https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS","https://ubuntu.com/security/CVE-2019-1010023","http://www.securityfocus.com/bid/109167","https://security-tracker.debian.org/tracker/CVE-2019-1010023","https://sourceware.org/bugzilla/show_bug.cgi?id=22851","https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS","https://ubuntu.com/security/CVE-2019-1010023"],"description":"GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","metrics":{"baseScore":8.8,"exploitabilityScore":2.9,"impactScore":5.9},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","metrics":{"baseScore":6.8,"exploitabilityScore":8.6,"impactScore":6.5},"vendorMetadata":{}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","metrics":{"baseScore":5.4,"exploitabilityScore":2.9,"impactScore":2.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-1010023","epss":0.00722,"percentile":0.71808,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2019-1010023","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"GHSA-44fp-w29j-9vj5","dataSource":"https://github.com/advisories/GHSA-44fp-w29j-9vj5","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Multer vulnerable to Denial of Service via memory leaks from unclosed streams","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-47935","epss":0.00037,"percentile":0.10451,"date":"2025-10-02"}],"fix":{"versions":["2.0.0"],"state":"fixed","available":[{"version":"2.0.0","date":"2025-05-22","kind":"first-observed"}]},"advisories":[],"risk":0.027749999999999997},"relatedVulnerabilities":[{"id":"CVE-2025-47935","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-47935","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665","https://github.com/expressjs/multer/pull/1120","https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5"],"description":"Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-47935","epss":0.00037,"percentile":0.10451,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"multer","version":"1.4.5-lts.2"}},"found":{"vulnerabilityID":"GHSA-44fp-w29j-9vj5","versionConstraint":"<2.0.0 (semantic)"},"fix":{"suggestedVersion":"2.0.0"}}],"artifact":{"id":"cce9b5dd2cb3fe54","name":"multer","version":"1.4.5-lts.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/multer/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/multer/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/multer@1.4.5-lts.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-4pg4-qvpc-4q3h","dataSource":"https://github.com/advisories/GHSA-4pg4-qvpc-4q3h","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Multer vulnerable to Denial of Service from maliciously crafted requests","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-47944","epss":0.00037,"percentile":0.10451,"date":"2025-10-02"}],"fix":{"versions":["2.0.0"],"state":"fixed","available":[{"version":"2.0.0","date":"2025-05-22","kind":"first-observed"}]},"advisories":[],"risk":0.027749999999999997},"relatedVulnerabilities":[{"id":"CVE-2025-47944","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-47944","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665","https://github.com/expressjs/multer/issues/1176","https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h"],"description":"Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-47944","epss":0.00037,"percentile":0.10451,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"multer","version":"1.4.5-lts.2"}},"found":{"vulnerabilityID":"GHSA-4pg4-qvpc-4q3h","versionConstraint":">=1.4.4-lts.1,<2.0.0 (semantic)"},"fix":{"suggestedVersion":"2.0.0"}}],"artifact":{"id":"cce9b5dd2cb3fe54","name":"multer","version":"1.4.5-lts.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/multer/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/multer/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/multer@1.4.5-lts.2","upstreams":[]}},{"vulnerability":{"id":"GHSA-hjrf-2m68-5959","dataSource":"https://github.com/advisories/GHSA-hjrf-2m68-5959","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":5,"exploitabilityScore":1.7,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23541","epss":0.00049,"percentile":0.14949,"date":"2025-10-02"}],"fix":{"versions":["9.0.0"],"state":"fixed","available":[{"version":"9.0.0","date":"2022-12-23","kind":"first-observed"}]},"advisories":[],"risk":0.0245},"relatedVulnerabilities":[{"id":"CVE-2022-23541","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-23541","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959","https://security.netapp.com/advisory/ntap-20240621-0007/","https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959","https://security.netapp.com/advisory/ntap-20240621-0007/"],"description":"jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":6.3,"exploitabilityScore":2.9,"impactScore":3.4},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":5,"exploitabilityScore":1.7,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23541","epss":0.00049,"percentile":0.14949,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.1.0"}},"found":{"vulnerabilityID":"GHSA-hjrf-2m68-5959","versionConstraint":"<=8.5.1 (semantic)"},"fix":{"suggestedVersion":"9.0.0"}}],"artifact":{"id":"c29669d438fb9e38","name":"jsonwebtoken","version":"0.1.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.1.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.1.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-hjrf-2m68-5959","dataSource":"https://github.com/advisories/GHSA-hjrf-2m68-5959","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":5,"exploitabilityScore":1.7,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23541","epss":0.00049,"percentile":0.14949,"date":"2025-10-02"}],"fix":{"versions":["9.0.0"],"state":"fixed","available":[{"version":"9.0.0","date":"2022-12-23","kind":"first-observed"}]},"advisories":[],"risk":0.0245},"relatedVulnerabilities":[{"id":"CVE-2022-23541","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-23541","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959","https://security.netapp.com/advisory/ntap-20240621-0007/","https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959","https://security.netapp.com/advisory/ntap-20240621-0007/"],"description":"jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":6.3,"exploitabilityScore":2.9,"impactScore":3.4},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","metrics":{"baseScore":5,"exploitabilityScore":1.7,"impactScore":3.4},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23541","epss":0.00049,"percentile":0.14949,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.4.0"}},"found":{"vulnerabilityID":"GHSA-hjrf-2m68-5959","versionConstraint":"<=8.5.1 (semantic)"},"fix":{"suggestedVersion":"9.0.0"}}],"artifact":{"id":"1e23bc54c16fbe6d","name":"jsonwebtoken","version":"0.4.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.4.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.4.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-pxg6-pf52-xh8x","dataSource":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x","namespace":"github:language:javascript","severity":"Low","urls":[],"description":"cookie accepts cookie name, path, and domain with out of bounds characters","cvss":[],"epss":[{"cve":"CVE-2024-47764","epss":0.00069,"percentile":0.21757,"date":"2025-10-02"}],"fix":{"versions":["0.7.0"],"state":"fixed","available":[{"version":"0.7.0","date":"2024-10-05","kind":"first-observed"}]},"advisories":[],"risk":0.0207},"relatedVulnerabilities":[{"id":"CVE-2024-47764","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2024-47764","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c","https://github.com/jshttp/cookie/pull/167","https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x"],"description":"cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.","cvss":[{"source":"security-advisories@github.com","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":6.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2024-47764","epss":0.00069,"percentile":0.21757,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"cookie","version":"0.4.2"}},"found":{"vulnerabilityID":"GHSA-pxg6-pf52-xh8x","versionConstraint":"<0.7.0 (semantic)"},"fix":{"suggestedVersion":"0.7.0"}}],"artifact":{"id":"299182936c2fe78a","name":"cookie","version":"0.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/engine.io/node_modules/cookie/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/engine.io/node_modules/cookie/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:cookie:cookie:0.4.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/cookie@0.4.2","upstreams":[]}},{"vulnerability":{"id":"CVE-2019-1010024","dataSource":"https://security-tracker.debian.org/tracker/CVE-2019-1010024","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.","cvss":[],"epss":[{"cve":"CVE-2019-1010024","epss":0.00375,"percentile":0.58541,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.01875},"relatedVulnerabilities":[{"id":"CVE-2019-1010024","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-1010024","namespace":"nvd:cpe","severity":"Medium","urls":["http://www.securityfocus.com/bid/109162","https://security-tracker.debian.org/tracker/CVE-2019-1010024","https://sourceware.org/bugzilla/show_bug.cgi?id=22852","https://support.f5.com/csp/article/K06046097","https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS","https://ubuntu.com/security/CVE-2019-1010024","http://www.securityfocus.com/bid/109162","https://security-tracker.debian.org/tracker/CVE-2019-1010024","https://sourceware.org/bugzilla/show_bug.cgi?id=22852","https://support.f5.com/csp/article/K06046097","https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS","https://ubuntu.com/security/CVE-2019-1010024"],"description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-1010024","epss":0.00375,"percentile":0.58541,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2019-1010024","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"CVE-2010-4756","dataSource":"https://security-tracker.debian.org/tracker/CVE-2010-4756","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.","cvss":[],"epss":[{"cve":"CVE-2010-4756","epss":0.00373,"percentile":0.58431,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.01865},"relatedVulnerabilities":[{"id":"CVE-2010-4756","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2010-4756","namespace":"nvd:cpe","severity":"Medium","urls":["http://cxib.net/stuff/glob-0day.c","http://securityreason.com/achievement_securityalert/89","http://securityreason.com/exploitalert/9223","https://bugzilla.redhat.com/show_bug.cgi?id=681681","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756","http://cxib.net/stuff/glob-0day.c","http://securityreason.com/achievement_securityalert/89","http://securityreason.com/exploitalert/9223","https://bugzilla.redhat.com/show_bug.cgi?id=681681","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756"],"description":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","metrics":{"baseScore":4,"exploitabilityScore":8,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2010-4756","epss":0.00373,"percentile":0.58431,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2010-4756","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"CVE-2019-9192","dataSource":"https://security-tracker.debian.org/tracker/CVE-2019-9192","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern","cvss":[],"epss":[{"cve":"CVE-2019-9192","epss":0.00363,"percentile":0.57814,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.018150000000000003},"relatedVulnerabilities":[{"id":"CVE-2019-9192","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-9192","namespace":"nvd:cpe","severity":"High","urls":["https://sourceware.org/bugzilla/show_bug.cgi?id=24269","https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS","https://sourceware.org/bugzilla/show_bug.cgi?id=24269","https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS"],"description":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-9192","epss":0.00363,"percentile":0.57814,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2019-9192","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"GHSA-qhxp-v273-g94h","dataSource":"https://github.com/advisories/GHSA-qhxp-v273-g94h","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"sanitize-html is vulnerable to XSS through incomprehensive sanitization","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","metrics":{"baseScore":6.1,"exploitabilityScore":2.9,"impactScore":2.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-25225","epss":0.0003,"percentile":0.07489,"date":"2025-10-02"}],"fix":{"versions":["2.0.0-beta"],"state":"fixed","available":[{"version":"2.0.0-beta","date":"2025-09-13","kind":"first-observed"}]},"advisories":[],"risk":0.016649999999999995},"relatedVulnerabilities":[{"id":"CVE-2019-25225","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-25225","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2019/CVE-2019-25225","https://github.com/apostrophecms/sanitize-html/commit/712cb6895825c8bb6ede71a16b42bade42abcaf3","https://github.com/apostrophecms/sanitize-html/issues/293","https://github.com/apostrophecms/sanitize-html/pull/156"],"description":"`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.","cvss":[{"source":"596c5446-0ce5-4ba2-aa66-48b3b757a647","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","metrics":{"baseScore":6.1,"exploitabilityScore":2.9,"impactScore":2.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-25225","epss":0.0003,"percentile":0.07489,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"sanitize-html","version":"1.4.2"}},"found":{"vulnerabilityID":"GHSA-qhxp-v273-g94h","versionConstraint":"<2.0.0-beta (semantic)"},"fix":{"suggestedVersion":"2.0.0-beta"}}],"artifact":{"id":"5de04e7baabe2ecd","name":"sanitize-html","version":"1.4.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/sanitize-html/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/sanitize-html/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:apostrophecms:sanitize-html:1.4.2:*:*:*:*:node.js:*:*","cpe:2.3:a:punkave:sanitize-html:1.4.2:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/sanitize-html@1.4.2","upstreams":[]}},{"vulnerability":{"id":"CVE-2025-9230","dataSource":"https://security-tracker.debian.org/tracker/CVE-2025-9230","namespace":"debian:distro:debian:12","severity":"High","urls":[],"description":"Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-9230","epss":0.00022,"percentile":0.04673,"date":"2025-10-02"}],"fix":{"versions":["3.0.17-1~deb12u3"],"state":"fixed","available":[{"version":"3.0.17-1~deb12u3","date":"2025-10-01","kind":"advisory"}]},"advisories":[{"id":"","link":"https://security-tracker.debian.org/tracker/DSA-6015-1"}],"risk":0.0165},"relatedVulnerabilities":[{"id":"CVE-2025-9230","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-9230","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45","https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280","https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def","https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd","https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482","https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3","https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba","https://openssl-library.org/news/secadv/20250930.txt"],"description":"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-9230","epss":0.00022,"percentile":0.04673,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"openssl","version":"3.0.17-1~deb12u2"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2025-9230","versionConstraint":"< 3.0.17-1~deb12u3 (deb)"},"fix":{"suggestedVersion":"3.0.17-1~deb12u3"}}],"artifact":{"id":"35e2091e2b3da6f5","name":"libssl3","version":"3.0.17-1~deb12u2","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libssl3","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/var/lib/dpkg/status.d/libssl3","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libssl3/copyright","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/usr/share/doc/libssl3/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libssl3.md5sums","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/var/lib/dpkg/status.d/libssl3.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Apache-2.0","Artistic","GPL-1","GPL-1+"],"cpes":["cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64&distro=debian-12&upstream=openssl","upstreams":[{"name":"openssl"}]}},{"vulnerability":{"id":"CVE-2025-9232","dataSource":"https://security-tracker.debian.org/tracker/CVE-2025-9232","namespace":"debian:distro:debian:12","severity":"Medium","urls":[],"description":"Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":5.9,"exploitabilityScore":2.3,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-9232","epss":0.00028,"percentile":0.06606,"date":"2025-10-02"}],"fix":{"versions":["3.0.17-1~deb12u3"],"state":"fixed","available":[{"version":"3.0.17-1~deb12u3","date":"2025-10-01","kind":"advisory"}]},"advisories":[{"id":"","link":"https://security-tracker.debian.org/tracker/DSA-6015-1"}],"risk":0.01526},"relatedVulnerabilities":[{"id":"CVE-2025-9232","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-9232","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35","https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b","https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3","https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf","https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0","https://openssl-library.org/news/secadv/20250930.txt"],"description":"Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":5.9,"exploitabilityScore":2.3,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-9232","epss":0.00028,"percentile":0.06606,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"openssl","version":"3.0.17-1~deb12u2"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2025-9232","versionConstraint":"< 3.0.17-1~deb12u3 (deb)"},"fix":{"suggestedVersion":"3.0.17-1~deb12u3"}}],"artifact":{"id":"35e2091e2b3da6f5","name":"libssl3","version":"3.0.17-1~deb12u2","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libssl3","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/var/lib/dpkg/status.d/libssl3","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libssl3/copyright","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/usr/share/doc/libssl3/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libssl3.md5sums","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/var/lib/dpkg/status.d/libssl3.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Apache-2.0","Artistic","GPL-1","GPL-1+"],"cpes":["cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64&distro=debian-12&upstream=openssl","upstreams":[{"name":"openssl"}]}},{"vulnerability":{"id":"GHSA-fjgf-rc76-4x9p","dataSource":"https://github.com/advisories/GHSA-fjgf-rc76-4x9p","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Multer vulnerable to Denial of Service via unhandled exception from malformed request","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-7338","epss":0.00018,"percentile":0.03377,"date":"2025-10-02"}],"fix":{"versions":["2.0.2"],"state":"fixed","available":[{"version":"2.0.2","date":"2025-07-18","kind":"first-observed"}]},"advisories":[],"risk":0.0135},"relatedVulnerabilities":[{"id":"CVE-2025-7338","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-7338","namespace":"nvd:cpe","severity":"High","urls":["https://cna.openjsf.org/security-advisories.html","https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b","https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p"],"description":"Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.","cvss":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","metrics":{"baseScore":7.5,"exploitabilityScore":3.9,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-7338","epss":0.00018,"percentile":0.03377,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"multer","version":"1.4.5-lts.2"}},"found":{"vulnerabilityID":"GHSA-fjgf-rc76-4x9p","versionConstraint":">=1.4.4-lts.1,<2.0.2 (semantic)"},"fix":{"suggestedVersion":"2.0.2"}}],"artifact":{"id":"cce9b5dd2cb3fe54","name":"multer","version":"1.4.5-lts.2","type":"npm","locations":[{"path":"/juice-shop/node_modules/multer/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/multer/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*"],"purl":"pkg:npm/multer@1.4.5-lts.2","upstreams":[]}},{"vulnerability":{"id":"CVE-2019-1010025","dataSource":"https://security-tracker.debian.org/tracker/CVE-2019-1010025","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.","cvss":[],"epss":[{"cve":"CVE-2019-1010025","epss":0.00228,"percentile":0.45777,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.0114},"relatedVulnerabilities":[{"id":"CVE-2019-1010025","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-1010025","namespace":"nvd:cpe","severity":"Medium","urls":["https://security-tracker.debian.org/tracker/CVE-2019-1010025","https://sourceware.org/bugzilla/show_bug.cgi?id=22853","https://support.f5.com/csp/article/K06046097","https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS","https://ubuntu.com/security/CVE-2019-1010025","https://security-tracker.debian.org/tracker/CVE-2019-1010025","https://sourceware.org/bugzilla/show_bug.cgi?id=22853","https://support.f5.com/csp/article/K06046097","https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS","https://ubuntu.com/security/CVE-2019-1010025"],"description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","metrics":{"baseScore":5,"exploitabilityScore":10,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-1010025","epss":0.00228,"percentile":0.45777,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2019-1010025","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"GHSA-qwph-4952-7xr6","dataSource":"https://github.com/advisories/GHSA-qwph-4952-7xr6","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L","metrics":{"baseScore":6.4,"exploitabilityScore":1.7,"impactScore":4.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23540","epss":0.00016,"percentile":0.02679,"date":"2025-10-02"}],"fix":{"versions":["9.0.0"],"state":"fixed","available":[{"version":"9.0.0","date":"2022-12-23","kind":"first-observed"}]},"advisories":[],"risk":0.009120000000000001},"relatedVulnerabilities":[{"id":"CVE-2022-23540","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-23540","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6","https://security.netapp.com/advisory/ntap-20240621-0007/","https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6","https://security.netapp.com/advisory/ntap-20240621-0007/"],"description":"In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","metrics":{"baseScore":7.6,"exploitabilityScore":2.9,"impactScore":4.8},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L","metrics":{"baseScore":6.4,"exploitabilityScore":1.7,"impactScore":4.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23540","epss":0.00016,"percentile":0.02679,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.1.0"}},"found":{"vulnerabilityID":"GHSA-qwph-4952-7xr6","versionConstraint":"<9.0.0 (semantic)"},"fix":{"suggestedVersion":"9.0.0"}}],"artifact":{"id":"c29669d438fb9e38","name":"jsonwebtoken","version":"0.1.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.1.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.1.0","upstreams":[]}},{"vulnerability":{"id":"GHSA-qwph-4952-7xr6","dataSource":"https://github.com/advisories/GHSA-qwph-4952-7xr6","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L","metrics":{"baseScore":6.4,"exploitabilityScore":1.7,"impactScore":4.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23540","epss":0.00016,"percentile":0.02679,"date":"2025-10-02"}],"fix":{"versions":["9.0.0"],"state":"fixed","available":[{"version":"9.0.0","date":"2022-12-23","kind":"first-observed"}]},"advisories":[],"risk":0.009120000000000001},"relatedVulnerabilities":[{"id":"CVE-2022-23540","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-23540","namespace":"nvd:cpe","severity":"High","urls":["https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6","https://security.netapp.com/advisory/ntap-20240621-0007/","https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6","https://security.netapp.com/advisory/ntap-20240621-0007/"],"description":"In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","metrics":{"baseScore":7.6,"exploitabilityScore":2.9,"impactScore":4.8},"vendorMetadata":{}},{"source":"security-advisories@github.com","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L","metrics":{"baseScore":6.4,"exploitabilityScore":1.7,"impactScore":4.8},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-23540","epss":0.00016,"percentile":0.02679,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jsonwebtoken","version":"0.4.0"}},"found":{"vulnerabilityID":"GHSA-qwph-4952-7xr6","versionConstraint":"<9.0.0 (semantic)"},"fix":{"suggestedVersion":"9.0.0"}}],"artifact":{"id":"1e23bc54c16fbe6d","name":"jsonwebtoken","version":"0.4.0","type":"npm","locations":[{"path":"/juice-shop/node_modules/jsonwebtoken/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/jsonwebtoken/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:auth0:jsonwebtoken:0.4.0:*:*:*:*:node.js:*:*"],"purl":"pkg:npm/jsonwebtoken@0.4.0","upstreams":[]}},{"vulnerability":{"id":"CVE-2025-4802","dataSource":"https://security-tracker.debian.org/tracker/CVE-2025-4802","namespace":"debian:distro:debian:12","severity":"High","urls":[],"description":"Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","metrics":{"baseScore":7.8,"exploitabilityScore":1.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-4802","epss":0.00011,"percentile":0.00955,"date":"2025-10-02"}],"fix":{"versions":["2.36-9+deb12u11"],"state":"fixed","available":[{"version":"2.36-9+deb12u11","date":"2025-09-11","kind":"first-observed"}]},"advisories":[],"risk":0.008415},"relatedVulnerabilities":[{"id":"CVE-2025-4802","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-4802","namespace":"nvd:cpe","severity":"High","urls":["https://sourceware.org/bugzilla/show_bug.cgi?id=32976","https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e","http://www.openwall.com/lists/oss-security/2025/05/16/7","http://www.openwall.com/lists/oss-security/2025/05/17/2"],"description":"Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","metrics":{"baseScore":7.8,"exploitabilityScore":1.9,"impactScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-4802","epss":0.00011,"percentile":0.00955,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2025-4802","versionConstraint":"< 2.36-9+deb12u11 (deb)"},"fix":{"suggestedVersion":"2.36-9+deb12u11"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"CVE-2019-1010022","dataSource":"https://security-tracker.debian.org/tracker/CVE-2019-1010022","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.","cvss":[],"epss":[{"cve":"CVE-2019-1010022","epss":0.00145,"percentile":0.35655,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.00725},"relatedVulnerabilities":[{"id":"CVE-2019-1010022","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2019-1010022","namespace":"nvd:cpe","severity":"Critical","urls":["https://security-tracker.debian.org/tracker/CVE-2019-1010022","https://sourceware.org/bugzilla/show_bug.cgi?id=22850","https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3","https://ubuntu.com/security/CVE-2019-1010022","https://security-tracker.debian.org/tracker/CVE-2019-1010022","https://sourceware.org/bugzilla/show_bug.cgi?id=22850","https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3","https://ubuntu.com/security/CVE-2019-1010022"],"description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.0","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","metrics":{"baseScore":9.8,"exploitabilityScore":3.9,"impactScore":5.9},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","metrics":{"baseScore":7.5,"exploitabilityScore":10,"impactScore":6.5},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2019-1010022","epss":0.00145,"percentile":0.35655,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2019-1010022","versionConstraint":"none (unknown)"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"CVE-2025-8058","dataSource":"https://security-tracker.debian.org/tracker/CVE-2025-8058","namespace":"debian:distro:debian:12","severity":"Medium","urls":[],"description":"The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.","cvss":[{"source":"3ff69d7a-14f2-4f67-a097-88dee7810d18","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-8058","epss":0.0001,"percentile":0.00736,"date":"2025-10-02"}],"fix":{"versions":["2.36-9+deb12u13"],"state":"fixed","available":[{"version":"2.36-9+deb12u13","date":"2025-09-11","kind":"first-observed"}]},"advisories":[],"risk":0.00545},"relatedVulnerabilities":[{"id":"CVE-2025-8058","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-8058","namespace":"nvd:cpe","severity":"Medium","urls":["https://sourceware.org/bugzilla/show_bug.cgi?id=33185","https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f"],"description":"The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.","cvss":[{"source":"3ff69d7a-14f2-4f67-a097-88dee7810d18","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-8058","epss":0.0001,"percentile":0.00736,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"glibc","version":"2.36-9+deb12u10"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2025-8058","versionConstraint":"< 2.36-9+deb12u13 (deb)"},"fix":{"suggestedVersion":"2.36-9+deb12u13"}}],"artifact":{"id":"60c2ebf5ef786e78","name":"libc6","version":"2.36-9+deb12u10","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libc6","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libc6/copyright","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/usr/share/doc/libc6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libc6.md5sums","layerID":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","accessPath":"/var/lib/dpkg/status.d/libc6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["GPL-2","LGPL-2.1"],"cpes":["cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc","upstreams":[{"name":"glibc"}]}},{"vulnerability":{"id":"CVE-2025-27587","dataSource":"https://security-tracker.debian.org/tracker/CVE-2025-27587","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.","cvss":[],"epss":[{"cve":"CVE-2025-27587","epss":0.00058,"percentile":0.18354,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.0029},"relatedVulnerabilities":[{"id":"CVE-2025-27587","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-27587","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/openssl/openssl/issues/24253","https://minerva.crocs.fi.muni.cz"],"description":"OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.","cvss":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":1.7,"impactScore":3.6},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-27587","epss":0.00058,"percentile":0.18354,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"openssl","version":"3.0.17-1~deb12u2"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2025-27587","versionConstraint":"none (unknown)"}}],"artifact":{"id":"35e2091e2b3da6f5","name":"libssl3","version":"3.0.17-1~deb12u2","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libssl3","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/var/lib/dpkg/status.d/libssl3","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/libssl3/copyright","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/usr/share/doc/libssl3/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libssl3.md5sums","layerID":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","accessPath":"/var/lib/dpkg/status.d/libssl3.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Apache-2.0","Artistic","GPL-1","GPL-1+"],"cpes":["cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64&distro=debian-12&upstream=openssl","upstreams":[{"name":"openssl"}]}},{"vulnerability":{"id":"CVE-2022-27943","dataSource":"https://security-tracker.debian.org/tracker/CVE-2022-27943","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.00255},"relatedVulnerabilities":[{"id":"CVE-2022-27943","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-27943","namespace":"nvd:cpe","severity":"Medium","urls":["https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995"],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","metrics":{"baseScore":5.5,"exploitabilityScore":1.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"gcc-12","version":"12.2.0-14+deb12u1"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2022-27943","versionConstraint":"none (unknown)"}}],"artifact":{"id":"8dc0b4cbdedf8b0b","name":"gcc-12-base","version":"12.2.0-14+deb12u1","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/gcc-12-base","layerID":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","accessPath":"/var/lib/dpkg/status.d/gcc-12-base","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/gcc-12-base/copyright","layerID":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","accessPath":"/usr/share/doc/gcc-12-base/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/gcc-12-base.md5sums","layerID":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","accessPath":"/var/lib/dpkg/status.d/gcc-12-base.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Artistic","GFDL-1.2","GPL","GPL-2","GPL-3","LGPL"],"cpes":["cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12","upstreams":[{"name":"gcc-12"}]}},{"vulnerability":{"id":"CVE-2022-27943","dataSource":"https://security-tracker.debian.org/tracker/CVE-2022-27943","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.00255},"relatedVulnerabilities":[{"id":"CVE-2022-27943","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-27943","namespace":"nvd:cpe","severity":"Medium","urls":["https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995"],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","metrics":{"baseScore":5.5,"exploitabilityScore":1.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"gcc-12","version":"12.2.0-14+deb12u1"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2022-27943","versionConstraint":"none (unknown)"}}],"artifact":{"id":"a8358ba02091f401","name":"libgcc-s1","version":"12.2.0-14+deb12u1","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libgcc-s1","layerID":"sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714","accessPath":"/var/lib/dpkg/status.d/libgcc-s1","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/gcc-12-base/copyright","layerID":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","accessPath":"/usr/share/doc/libgcc-s1/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libgcc-s1.md5sums","layerID":"sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714","accessPath":"/var/lib/dpkg/status.d/libgcc-s1.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Artistic","GFDL-1.2","GPL","GPL-2","GPL-3","LGPL"],"cpes":["cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*","cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12","upstreams":[{"name":"gcc-12"}]}},{"vulnerability":{"id":"CVE-2022-27943","dataSource":"https://security-tracker.debian.org/tracker/CVE-2022-27943","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.00255},"relatedVulnerabilities":[{"id":"CVE-2022-27943","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-27943","namespace":"nvd:cpe","severity":"Medium","urls":["https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995"],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","metrics":{"baseScore":5.5,"exploitabilityScore":1.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"gcc-12","version":"12.2.0-14+deb12u1"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2022-27943","versionConstraint":"none (unknown)"}}],"artifact":{"id":"7e671502c66ed1d1","name":"libgomp1","version":"12.2.0-14+deb12u1","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libgomp1","layerID":"sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b","accessPath":"/var/lib/dpkg/status.d/libgomp1","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/gcc-12-base/copyright","layerID":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","accessPath":"/usr/share/doc/libgomp1/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libgomp1.md5sums","layerID":"sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b","accessPath":"/var/lib/dpkg/status.d/libgomp1.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Artistic","GFDL-1.2","GPL","GPL-2","GPL-3","LGPL"],"cpes":["cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12","upstreams":[{"name":"gcc-12"}]}},{"vulnerability":{"id":"CVE-2022-27943","dataSource":"https://security-tracker.debian.org/tracker/CVE-2022-27943","namespace":"debian:distro:debian:12","severity":"Negligible","urls":[],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0.00255},"relatedVulnerabilities":[{"id":"CVE-2022-27943","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2022-27943","namespace":"nvd:cpe","severity":"Medium","urls":["https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/","https://sourceware.org/bugzilla/show_bug.cgi?id=28995"],"description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","metrics":{"baseScore":5.5,"exploitabilityScore":1.9,"impactScore":3.6},"vendorMetadata":{}},{"source":"nvd@nist.gov","type":"Primary","version":"2.0","vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","metrics":{"baseScore":4.3,"exploitabilityScore":8.6,"impactScore":2.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2022-27943","epss":0.00051,"percentile":0.15862,"date":"2025-10-02"}]}],"matchDetails":[{"type":"exact-indirect-match","matcher":"dpkg-matcher","searchedBy":{"distro":{"type":"debian","version":"12"},"package":{"name":"gcc-12","version":"12.2.0-14+deb12u1"},"namespace":"debian:distro:debian:12"},"found":{"vulnerabilityID":"CVE-2022-27943","versionConstraint":"none (unknown)"}}],"artifact":{"id":"beed519c814b3b17","name":"libstdc++6","version":"12.2.0-14+deb12u1","type":"deb","locations":[{"path":"/var/lib/dpkg/status.d/libstdc++6","layerID":"sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c","accessPath":"/var/lib/dpkg/status.d/libstdc++6","annotations":{"evidence":"primary"}},{"path":"/usr/share/doc/gcc-12-base/copyright","layerID":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","accessPath":"/usr/share/doc/libstdc++6/copyright","annotations":{"evidence":"supporting"}},{"path":"/var/lib/dpkg/status.d/libstdc++6.md5sums","layerID":"sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c","accessPath":"/var/lib/dpkg/status.d/libstdc++6.md5sums","annotations":{"evidence":"supporting"}}],"language":"","licenses":["Artistic","GFDL-1.2","GPL","GPL-2","GPL-3","LGPL"],"cpes":["cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"],"purl":"pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12","upstreams":[{"name":"gcc-12"}]}},{"vulnerability":{"id":"GHSA-5mrr-rgp6-x4gr","dataSource":"https://github.com/advisories/GHSA-5mrr-rgp6-x4gr","namespace":"github:language:javascript","severity":"Critical","urls":[],"description":"Command Injection in marsdb","cvss":[],"fix":{"versions":[],"state":"not-fixed"},"advisories":[],"risk":0},"relatedVulnerabilities":[],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"marsdb","version":"0.6.11"}},"found":{"vulnerabilityID":"GHSA-5mrr-rgp6-x4gr","versionConstraint":">=0.0.0 (semantic)"}}],"artifact":{"id":"92d5870e9d43058d","name":"marsdb","version":"0.6.11","type":"npm","locations":[{"path":"/juice-shop/node_modules/marsdb/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/marsdb/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:marsdb:marsdb:0.6.11:*:*:*:*:*:*:*","cpe:2.3:a:c58:marsdb:0.6.11:*:*:*:*:*:*:*"],"purl":"pkg:npm/marsdb@0.6.11","upstreams":[]}},{"vulnerability":{"id":"GHSA-gjcw-v447-2w7q","dataSource":"https://github.com/advisories/GHSA-gjcw-v447-2w7q","namespace":"github:language:javascript","severity":"High","urls":[],"description":"Forgeable Public/Private Tokens in jws","cvss":[{"type":"Secondary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","metrics":{"baseScore":8.7,"exploitabilityScore":2.3,"impactScore":5.8},"vendorMetadata":{}}],"fix":{"versions":["3.0.0"],"state":"fixed","available":[{"version":"3.0.0","date":"2020-09-02","kind":"first-observed"}]},"advisories":[],"risk":0},"relatedVulnerabilities":[{"id":"CVE-2016-1000223","dataSource":"nvd","namespace":"nvd:cpe","severity":"Unknown","urls":[],"cvss":[]}],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"jws","version":"0.2.6"}},"found":{"vulnerabilityID":"GHSA-gjcw-v447-2w7q","versionConstraint":"<3.0.0 (semantic)"},"fix":{"suggestedVersion":"3.0.0"}}],"artifact":{"id":"e3ae0c46d846c3b2","name":"jws","version":"0.2.6","type":"npm","locations":[{"path":"/juice-shop/node_modules/jws/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/jws/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:brianloveswords:jws:0.2.6:*:*:*:*:*:*:*","cpe:2.3:a:jws:jws:0.2.6:*:*:*:*:*:*:*"],"purl":"pkg:npm/jws@0.2.6","upstreams":[]}},{"vulnerability":{"id":"GHSA-rvg8-pwq2-xj7q","dataSource":"https://github.com/advisories/GHSA-rvg8-pwq2-xj7q","namespace":"github:language:javascript","severity":"Medium","urls":[],"description":"Out-of-bounds Read in base64url","cvss":[],"fix":{"versions":["3.0.0"],"state":"fixed","available":[{"version":"3.0.0","date":"2020-09-02","kind":"first-observed"}]},"advisories":[],"risk":0},"relatedVulnerabilities":[],"matchDetails":[{"type":"exact-direct-match","matcher":"javascript-matcher","searchedBy":{"language":"javascript","namespace":"github:language:javascript","package":{"name":"base64url","version":"0.0.6"}},"found":{"vulnerabilityID":"GHSA-rvg8-pwq2-xj7q","versionConstraint":"<3.0.0 (semantic)"},"fix":{"suggestedVersion":"3.0.0"}}],"artifact":{"id":"2f8a9d6c7656ba10","name":"base64url","version":"0.0.6","type":"npm","locations":[{"path":"/juice-shop/node_modules/base64url/package.json","layerID":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","accessPath":"/juice-shop/node_modules/base64url/package.json","annotations":{"evidence":"primary"}}],"language":"javascript","licenses":["MIT"],"cpes":["cpe:2.3:a:brianloveswords:base64url:0.0.6:*:*:*:*:*:*:*","cpe:2.3:a:base64url:base64url:0.0.6:*:*:*:*:*:*:*"],"purl":"pkg:npm/base64url@0.0.6","upstreams":[]}}],"source":{"type":"image","target":{"userInput":"bkimminich/juice-shop:v19.0.0","imageID":"sha256:2a95df217ff812f173a6ee032816172e401f641d2a9cf526011d62b9734b503c","manifestDigest":"sha256:914e57eba11d1741fabdbdc1ba10895d7a83156f31ce6f42c7cddb449d4886ae","mediaType":"application/vnd.docker.distribution.manifest.v2+json","tags":["bkimminich/juice-shop:v19.0.0"],"imageSize":429280608,"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:955a0d3ff798720038c95c7ef1bf41fec749655e3b147f797868f96fc13a243b","size":270682},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba","size":22888},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:48c0fb67386ed713921fcc0468be23231d0872fa67ccc8ea3929df4656b6ddfc","size":1462778},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:114dde0fefebbca13165d0da9c500a66190e497a82a53dcaabc3172d630be1e9","size":82129},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368","size":0},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc","size":149},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4","size":0},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b","size":64},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1","size":0},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849","size":497},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3","size":346},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:bfe9137a1b044e8097cdfcb6899137a8a984ed70931ed1e8ef0cf7e023a139fc","size":235531},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733","size":23411112},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad","size":5862129},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb","size":94037},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b","size":331874},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c","size":2295192},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714","size":134340},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:9b8c092bd6eeff60476ebf0bfee3012f641d43c17e22f170d86348c0956c3c82","size":119702397},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:5ac5a123865b5107ef341d5fd136b8634216d30db3b04afd0d893fcdaad16e14","size":0},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077","size":275374463}],"manifest":"eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo1MzA5LCJkaWdlc3QiOiJzaGEyNTY6MmE5NWRmMjE3ZmY4MTJmMTczYTZlZTAzMjgxNjE3MmU0MDFmNjQxZDJhOWNmNTI2MDExZDYyYjk3MzRiNTAzYyJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozMjc2ODAsImRpZ2VzdCI6InNoYTI1Njo5NTVhMGQzZmY3OTg3MjAwMzhjOTVjN2VmMWJmNDFmZWM3NDk2NTVlM2IxNDdmNzk3ODY4Zjk2ZmMxM2EyNDNiIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NDA5NjAsImRpZ2VzdCI6InNoYTI1Njo4ZmExMGMwMTk0ZGY5YjdjMDU0YzkwZGJlNDgyNTg1Zjc2OGE1NDQyOGZjOTBhNWI3OGEwMDY2YTEyM2IxYmJhIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjQwNjQwMCwiZGlnZXN0Ijoic2hhMjU2OjQ4YzBmYjY3Mzg2ZWQ3MTM5MjFmY2MwNDY4YmUyMzIzMWQwODcyZmE2N2NjYzhlYTM5MjlkZjQ2NTZiNmRkZmMifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxMDI0MDAsImRpZ2VzdCI6InNoYTI1NjoxMTRkZGUwZmVmZWJiY2ExMzE2NWQwZGE5YzUwMGE2NjE5MGU0OTdhODJhNTNkY2FhYmMzMTcyZDYzMGJlMWU5In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTUzNiwiZGlnZXN0Ijoic2hhMjU2OjRkMDQ5ZjgzZDljZjIxZDFmNWNjMGUxMWRlYWYzNmRmMDI3OTBkMGU2MGMxYTM4Mjk1MzhmYjRiNjE2ODUzNjgifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyNTYwLCJkaWdlc3QiOiJzaGEyNTY6YWY1YWE5N2ViZTZjZTE2MDQ3NDdlYzFlMjFhZjcxMzZkZWQzOTFiY2FiZTRhY2VmODgyZTcxOGE4N2M4NmJjYyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1NjAsImRpZ2VzdCI6InNoYTI1Njo2ZjFjZGNlYjZhMzE0NmYwY2NiOTg2NTIxMTU2YmVmOGE0MjJjZGJiMDg2MzM5NmY3Zjc1MWY1NzViYTMwOGY0In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjU2MCwiZGlnZXN0Ijoic2hhMjU2OmJiYjZjYWNiOGM4MmU0ZGE0ZTgxNDNlMDMzNTFlOTM5ZWFiNWUyMWNlMGVmMzMzYzQyZTYzN2FmODZjNTIxN2IifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxNTM2LCJkaWdlc3QiOiJzaGEyNTY6MmE5MmQ2YWM5ZTRmY2MyNzRkNTE2OGIyMTdjYTQ0NThhOWZlYzZmMDk0ZWFkNjhkOTljNzcwNzNmMDhjYWFjMSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEwMjQwLCJkaWdlc3QiOiJzaGEyNTY6MWE3M2I1NGY1NTZiNDc3ZjBhOGI5MzlkMTNjNTA0YTNiNGY0ZGI3MWY3YTA5YzYzYWZiYzEwYWNiM2RlNTg0OSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjMwNzIsImRpZ2VzdCI6InNoYTI1NjpmNGFlZTllNTNjNDJhMjJlZDgyNDUxMjE4YzNlYTAzZDFlZWE4ZDZjYThmYmU4ZWI0ZTk1MDMwNGJhOGE4YmIzIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjQxNjY0LCJkaWdlc3QiOiJzaGEyNTY6YmZlOTEzN2ExYjA0NGU4MDk3Y2RmY2I2ODk5MTM3YThhOTg0ZWQ3MDkzMWVkMWU4ZWYwY2Y3ZTAyM2ExMzlmYyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIzNTkyOTYwLCJkaWdlc3QiOiJzaGEyNTY6N2NlMmY1ZGFkYzVmZDUzMDI2NDM2MjA5MDA1ZTdkYmM3MTJlMWU1ZWJkOGNkOGYzMTMwN2ZlZWFhOWZmNDczMyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjU4Nzc3NjAsImRpZ2VzdCI6InNoYTI1NjpjNjkxMWJjN2VlOGM0YWNjNmQ2NDg0NWU5ODZiMWNjZGQ4ZTMzMTZkMmU1YTYzYTk3OTA3MTRhZjcwMzc5OGFkIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTEyNjQwLCJkaWdlc3QiOiJzaGEyNTY6MTUwNTg3MzBlOTE0NjFlYjk4ZGNhY2NjZTJkODIxNGM3Y2I4OWYyMjdlNWYzZjQ4YWNjYjE3NzY3ZWVkYzliYiJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjM0ODE2MCwiZGlnZXN0Ijoic2hhMjU2OjI0NTE1N2NmYzQxOTM4ZjQ5NjUwYzE5Zjk4ZDc5ZmQ5NmNjNTY0NmI0MDVlZTFhOWU3MGNiZmY3ZTA5YmJmM2IifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMzE0MjQwLCJkaWdlc3QiOiJzaGEyNTY6ZTg0MDMwZDJmMjcwYWQ5ZjM1NGNlMjJhMThmMWU3YmY0ZmJkZjU5MTg2NzJjMGI2YzBiMjM1NDY4NWVjZjgzYyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjE1MzYwMCwiZGlnZXN0Ijoic2hhMjU2OmNkYThhYTEwYzdlZjBkNDNiNDNhZDY4Mzg1ZmJhN2RiYmM2NDc3NDVmYjM5ZTRjMjc1NWVmNjQyN2YzNmY3MTQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxMTk3MTU4NDAsImRpZ2VzdCI6InNoYTI1Njo5YjhjMDkyYmQ2ZWVmZjYwNDc2ZWJmMGJmZWUzMDEyZjY0MWQ0M2MxN2UyMmYxNzBkODYzNDhjMDk1NmMzYzgyIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTUzNiwiZGlnZXN0Ijoic2hhMjU2OjVhYzVhMTIzODY1YjUxMDdlZjM0MWQ1ZmQxMzZiODYzNDIxNmQzMGRiM2IwNGFmZDBkODkzZmNkYWFkMTZlMTQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyOTUzMDAwOTYsImRpZ2VzdCI6InNoYTI1NjpiOWQyMzQxMWYxNDJhNDc3NWQyNTRmY2IyNDc0MTJkYmEzMTMwN2M3MzZkMzNhZDc5MzhiMWMxMWNjZTNlMDc3In1dfQ==","config":"eyJhcmNoaXRlY3R1cmUiOiJhcm02NCIsImNvbmZpZyI6eyJVc2VyIjoiNjU1MzIiLCJFeHBvc2VkUG9ydHMiOnsiMzAwMC90Y3AiOnt9fSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIiwiU1NMX0NFUlRfRklMRT0vZXRjL3NzbC9jZXJ0cy9jYS1jZXJ0aWZpY2F0ZXMuY3J0Il0sIkVudHJ5cG9pbnQiOlsiL25vZGVqcy9iaW4vbm9kZSJdLCJDbWQiOlsiL2p1aWNlLXNob3AvYnVpbGQvYXBwLmpzIl0sIldvcmtpbmdEaXIiOiIvanVpY2Utc2hvcCIsIkxhYmVscyI6eyJtYWludGFpbmVyIjoiQmpvZXJuIEtpbW1pbmljaCBcdTAwM2Niam9lcm4ua2ltbWluaWNoQG93YXNwLm9yZ1x1MDAzZSIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5hdXRob3JzIjoiQmpvZXJuIEtpbW1pbmljaCBcdTAwM2Niam9lcm4ua2ltbWluaWNoQG93YXNwLm9yZ1x1MDAzZSIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5jcmVhdGVkIjoi4oCdMjAyNS0wOS0wNFQwNTozODoxMVrigJ0iLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UuZGVzY3JpcHRpb24iOiJQcm9iYWJseSB0aGUgbW9zdCBtb2Rlcm4gYW5kIHNvcGhpc3RpY2F0ZWQgaW5zZWN1cmUgd2ViIGFwcGxpY2F0aW9uIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLmRvY3VtZW50YXRpb24iOiJodHRwczovL2hlbHAub3dhc3AtanVpY2Uuc2hvcCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5saWNlbnNlcyI6Ik1JVCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5yZXZpc2lvbiI6IjM2ODcwY2IiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2Uuc291cmNlIjoiaHR0cHM6Ly9naXRodWIuY29tL2p1aWNlLXNob3AvanVpY2Utc2hvcCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS50aXRsZSI6Ik9XQVNQIEp1aWNlIFNob3AiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UudXJsIjoiaHR0cHM6Ly9vd2FzcC1qdWljZS5zaG9wIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnZlbmRvciI6Ik9wZW4gV29ybGR3aWRlIEFwcGxpY2F0aW9uIFNlY3VyaXR5IFByb2plY3QiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UudmVyc2lvbiI6IjE5LjAuMCJ9LCJBcmdzRXNjYXBlZCI6dHJ1ZX0sImNyZWF0ZWQiOiIyMDI1LTA5LTA0VDA2OjEzOjUzLjEyMDEyOTIwNFoiLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiJ9LHsiY3JlYXRlZCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIn0seyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiJ9LHsiY3JlYXRlZCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIn0seyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiJ9LHsiY3JlYXRlZCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIn0seyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiJ9LHsiY3JlYXRlZCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIn0seyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiJ9LHsiY3JlYXRlZCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIn0seyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiJ9LHsiY3JlYXRlZCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIn0seyJjcmVhdGVkIjoiMDAwMS0wMS0wMVQwMDowMDowMFoifSx7ImNyZWF0ZWQiOiIyMDI1LTA5LTA0VDA1OjM4OjE4LjI5Nzc0MzU4NFoiLCJjcmVhdGVkX2J5IjoiQVJHIEJVSUxEX0RBVEU94oCdMjAyNS0wOS0wNFQwNTozODoxMVrigJ0iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA5LTA0VDA1OjM4OjE4LjI5Nzc0MzU4NFoiLCJjcmVhdGVkX2J5IjoiQVJHIFZDU19SRUY9MzY4NzBjYiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDktMDRUMDU6Mzg6MTguMjk3NzQzNTg0WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCBtYWludGFpbmVyPUJqb2VybiBLaW1taW5pY2ggXHUwMDNjYmpvZXJuLmtpbW1pbmljaEBvd2FzcC5vcmdcdTAwM2Ugb3JnLm9wZW5jb250YWluZXJzLmltYWdlLnRpdGxlPU9XQVNQIEp1aWNlIFNob3Agb3JnLm9wZW5jb250YWluZXJzLmltYWdlLmRlc2NyaXB0aW9uPVByb2JhYmx5IHRoZSBtb3N0IG1vZGVybiBhbmQgc29waGlzdGljYXRlZCBpbnNlY3VyZSB3ZWIgYXBwbGljYXRpb24gb3JnLm9wZW5jb250YWluZXJzLmltYWdlLmF1dGhvcnM9QmpvZXJuIEtpbW1pbmljaCBcdTAwM2Niam9lcm4ua2ltbWluaWNoQG93YXNwLm9yZ1x1MDAzZSBvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UudmVuZG9yPU9wZW4gV29ybGR3aWRlIEFwcGxpY2F0aW9uIFNlY3VyaXR5IFByb2plY3Qgb3JnLm9wZW5jb250YWluZXJzLmltYWdlLmRvY3VtZW50YXRpb249aHR0cHM6Ly9oZWxwLm93YXNwLWp1aWNlLnNob3Agb3JnLm9wZW5jb250YWluZXJzLmltYWdlLmxpY2Vuc2VzPU1JVCBvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UudmVyc2lvbj0xOS4wLjAgb3JnLm9wZW5jb250YWluZXJzLmltYWdlLnVybD1odHRwczovL293YXNwLWp1aWNlLnNob3Agb3JnLm9wZW5jb250YWluZXJzLmltYWdlLnNvdXJjZT1odHRwczovL2dpdGh1Yi5jb20vanVpY2Utc2hvcC9qdWljZS1zaG9wIG9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5yZXZpc2lvbj0zNjg3MGNiIG9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5jcmVhdGVkPeKAnTIwMjUtMDktMDRUMDU6Mzg6MTFa4oCdIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wOS0wNFQwNTozODoxOC4yOTc3NDM1ODRaIiwiY3JlYXRlZF9ieSI6IldPUktESVIgL2p1aWNlLXNob3AiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMDktMDRUMDY6MTM6NTMuMTIwMTI5MjA0WiIsImNyZWF0ZWRfYnkiOiJDT1BZIC0tY2hvd249NjU1MzI6MCAvanVpY2Utc2hvcCAuICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMDktMDRUMDY6MTM6NTMuMTIwMTI5MjA0WiIsImNyZWF0ZWRfYnkiOiJVU0VSIDY1NTMyIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wOS0wNFQwNjoxMzo1My4xMjAxMjkyMDRaIiwiY3JlYXRlZF9ieSI6IkVYUE9TRSBtYXBbMzAwMC90Y3A6e31dIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wOS0wNFQwNjoxMzo1My4xMjAxMjkyMDRaIiwiY3JlYXRlZF9ieSI6IkNNRCBbXCIvanVpY2Utc2hvcC9idWlsZC9hcHAuanNcIl0iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1Njo5NTVhMGQzZmY3OTg3MjAwMzhjOTVjN2VmMWJmNDFmZWM3NDk2NTVlM2IxNDdmNzk3ODY4Zjk2ZmMxM2EyNDNiIiwic2hhMjU2OjhmYTEwYzAxOTRkZjliN2MwNTRjOTBkYmU0ODI1ODVmNzY4YTU0NDI4ZmM5MGE1Yjc4YTAwNjZhMTIzYjFiYmEiLCJzaGEyNTY6NDhjMGZiNjczODZlZDcxMzkyMWZjYzA0NjhiZTIzMjMxZDA4NzJmYTY3Y2NjOGVhMzkyOWRmNDY1NmI2ZGRmYyIsInNoYTI1NjoxMTRkZGUwZmVmZWJiY2ExMzE2NWQwZGE5YzUwMGE2NjE5MGU0OTdhODJhNTNkY2FhYmMzMTcyZDYzMGJlMWU5Iiwic2hhMjU2OjRkMDQ5ZjgzZDljZjIxZDFmNWNjMGUxMWRlYWYzNmRmMDI3OTBkMGU2MGMxYTM4Mjk1MzhmYjRiNjE2ODUzNjgiLCJzaGEyNTY6YWY1YWE5N2ViZTZjZTE2MDQ3NDdlYzFlMjFhZjcxMzZkZWQzOTFiY2FiZTRhY2VmODgyZTcxOGE4N2M4NmJjYyIsInNoYTI1Njo2ZjFjZGNlYjZhMzE0NmYwY2NiOTg2NTIxMTU2YmVmOGE0MjJjZGJiMDg2MzM5NmY3Zjc1MWY1NzViYTMwOGY0Iiwic2hhMjU2OmJiYjZjYWNiOGM4MmU0ZGE0ZTgxNDNlMDMzNTFlOTM5ZWFiNWUyMWNlMGVmMzMzYzQyZTYzN2FmODZjNTIxN2IiLCJzaGEyNTY6MmE5MmQ2YWM5ZTRmY2MyNzRkNTE2OGIyMTdjYTQ0NThhOWZlYzZmMDk0ZWFkNjhkOTljNzcwNzNmMDhjYWFjMSIsInNoYTI1NjoxYTczYjU0ZjU1NmI0NzdmMGE4YjkzOWQxM2M1MDRhM2I0ZjRkYjcxZjdhMDljNjNhZmJjMTBhY2IzZGU1ODQ5Iiwic2hhMjU2OmY0YWVlOWU1M2M0MmEyMmVkODI0NTEyMThjM2VhMDNkMWVlYThkNmNhOGZiZThlYjRlOTUwMzA0YmE4YThiYjMiLCJzaGEyNTY6YmZlOTEzN2ExYjA0NGU4MDk3Y2RmY2I2ODk5MTM3YThhOTg0ZWQ3MDkzMWVkMWU4ZWYwY2Y3ZTAyM2ExMzlmYyIsInNoYTI1Njo3Y2UyZjVkYWRjNWZkNTMwMjY0MzYyMDkwMDVlN2RiYzcxMmUxZTVlYmQ4Y2Q4ZjMxMzA3ZmVlYWE5ZmY0NzMzIiwic2hhMjU2OmM2OTExYmM3ZWU4YzRhY2M2ZDY0ODQ1ZTk4NmIxY2NkZDhlMzMxNmQyZTVhNjNhOTc5MDcxNGFmNzAzNzk4YWQiLCJzaGEyNTY6MTUwNTg3MzBlOTE0NjFlYjk4ZGNhY2NjZTJkODIxNGM3Y2I4OWYyMjdlNWYzZjQ4YWNjYjE3NzY3ZWVkYzliYiIsInNoYTI1NjoyNDUxNTdjZmM0MTkzOGY0OTY1MGMxOWY5OGQ3OWZkOTZjYzU2NDZiNDA1ZWUxYTllNzBjYmZmN2UwOWJiZjNiIiwic2hhMjU2OmU4NDAzMGQyZjI3MGFkOWYzNTRjZTIyYTE4ZjFlN2JmNGZiZGY1OTE4NjcyYzBiNmMwYjIzNTQ2ODVlY2Y4M2MiLCJzaGEyNTY6Y2RhOGFhMTBjN2VmMGQ0M2I0M2FkNjgzODVmYmE3ZGJiYzY0Nzc0NWZiMzllNGMyNzU1ZWY2NDI3ZjM2ZjcxNCIsInNoYTI1Njo5YjhjMDkyYmQ2ZWVmZjYwNDc2ZWJmMGJmZWUzMDEyZjY0MWQ0M2MxN2UyMmYxNzBkODYzNDhjMDk1NmMzYzgyIiwic2hhMjU2OjVhYzVhMTIzODY1YjUxMDdlZjM0MWQ1ZmQxMzZiODYzNDIxNmQzMGRiM2IwNGFmZDBkODkzZmNkYWFkMTZlMTQiLCJzaGEyNTY6YjlkMjM0MTFmMTQyYTQ3NzVkMjU0ZmNiMjQ3NDEyZGJhMzEzMDdjNzM2ZDMzYWQ3OTM4YjFjMTFjY2UzZTA3NyJdfX0=","repoDigests":["bkimminich/juice-shop@sha256:2765a26de7647609099a338d5b7f61085d95903c8703bb70f03fcc4b12f0818d"],"architecture":"arm64","os":"linux","labels":{"maintainer":"Bjoern Kimminich ","org.opencontainers.image.authors":"Bjoern Kimminich ","org.opencontainers.image.created":"”2025-09-04T05:38:11Z”","org.opencontainers.image.description":"Probably the most modern and sophisticated insecure web application","org.opencontainers.image.documentation":"https://help.owasp-juice.shop","org.opencontainers.image.licenses":"MIT","org.opencontainers.image.revision":"36870cb","org.opencontainers.image.source":"https://github.com/juice-shop/juice-shop","org.opencontainers.image.title":"OWASP Juice Shop","org.opencontainers.image.url":"https://owasp-juice.shop","org.opencontainers.image.vendor":"Open Worldwide Application Security Project","org.opencontainers.image.version":"19.0.0"}}},"distro":{"name":"debian","version":"12","idLike":[]},"descriptor":{"name":"grype","version":"0.100.0","configuration":{"output":["json"],"file":"","pretty":false,"distro":"","add-cpes-if-none":false,"output-template-file":"","check-for-app-update":true,"only-fixed":false,"only-notfixed":false,"ignore-wontfix":"","platform":"","search":{"scope":"squashed","unindexed-archives":false,"indexed-archives":true},"ignore":[{"vulnerability":"","include-aliases":false,"reason":"","namespace":"","fix-state":"","package":{"name":"kernel-headers","version":"","language":"","type":"rpm","location":"","upstream-name":"kernel"},"vex-status":"","vex-justification":"","match-type":"exact-indirect-match"},{"vulnerability":"","include-aliases":false,"reason":"","namespace":"","fix-state":"","package":{"name":"linux(-.*)?-headers-.*","version":"","language":"","type":"deb","location":"","upstream-name":"linux.*"},"vex-status":"","vex-justification":"","match-type":"exact-indirect-match"},{"vulnerability":"","include-aliases":false,"reason":"","namespace":"","fix-state":"","package":{"name":"linux-libc-dev","version":"","language":"","type":"deb","location":"","upstream-name":"linux"},"vex-status":"","vex-justification":"","match-type":"exact-indirect-match"}],"exclude":[],"externalSources":{"enable":false,"maven":{"searchUpstreamBySha1":true,"baseUrl":"https://search.maven.org/solrsearch/select","rateLimit":300000000}},"match":{"java":{"using-cpes":false},"jvm":{"using-cpes":true},"dotnet":{"using-cpes":false},"golang":{"using-cpes":false,"always-use-cpe-for-stdlib":true,"allow-main-module-pseudo-version-comparison":false},"javascript":{"using-cpes":false},"python":{"using-cpes":false},"ruby":{"using-cpes":false},"rust":{"using-cpes":false},"stock":{"using-cpes":true}},"fail-on-severity":"","registry":{"insecure-skip-tls-verify":false,"insecure-use-http":false,"auth":null,"ca-cert":""},"show-suppressed":false,"by-cve":false,"SortBy":{"sort-by":"risk"},"name":"","default-image-pull-source":"","vex-documents":[],"vex-add":[],"match-upstream-kernel-headers":false,"fix-channel":{"redhat-eus":{"apply":"auto","versions":">= 8.0"}},"timestamp":true,"db":{"cache-dir":"/.cache/grype/db","update-url":"https://grype.anchore.io/databases","ca-cert":"","auto-update":true,"validate-by-hash-on-start":true,"validate-age":true,"max-allowed-built-age":432000000000000,"require-update-check":false,"update-available-timeout":30000000000,"update-download-timeout":300000000000,"max-update-check-frequency":7200000000000},"exp":{},"dev":{"db":{"debug":false}}},"db":{"status":{"schemaVersion":"v6.1.1","from":"https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.1_2025-10-03T01:30:06Z_1759471721.tar.zst?checksum=sha256%3A575a49034cb96e4bce6645fb5b74f168ca406472025412b837062bcb952a4c6f","built":"2025-10-03T06:08:41Z","path":"/.cache/grype/db/6/vulnerability.db","valid":true},"providers":{"alpine":{"captured":"2025-10-03T01:31:11Z","input":"xxh64:4f6f5290221583df"},"amazon":{"captured":"2025-10-03T01:31:31Z","input":"xxh64:918a3a6f68611810"},"bitnami":{"captured":"2025-10-03T01:31:29Z","input":"xxh64:59028f3a00db5038"},"chainguard":{"captured":"2025-10-03T01:31:09Z","input":"xxh64:d8f7d19b6cfa206a"},"chainguard-libraries":{"captured":"2025-10-03T01:31:19Z","input":"xxh64:728cf1a717ca40e6"},"debian":{"captured":"2025-10-03T01:31:08Z","input":"xxh64:77c230dbe08ffa77"},"echo":{"captured":"2025-10-03T01:31:15Z","input":"xxh64:893c3430b4107d34"},"epss":{"captured":"2025-10-03T01:31:11Z","input":"xxh64:f36509554631e07b"},"github":{"captured":"2025-10-03T01:31:17Z","input":"xxh64:68dcaf654d8185ce"},"kev":{"captured":"2025-10-03T01:31:20Z","input":"xxh64:751537090544ddd6"},"mariner":{"captured":"2025-10-03T01:31:19Z","input":"xxh64:a2fbbd4a563f81c9"},"minimos":{"captured":"2025-10-03T01:31:10Z","input":"xxh64:423db52a60fd9db4"},"nvd":{"captured":"2025-10-03T01:32:04Z","input":"xxh64:354c28cdcaf4f797"},"oracle":{"captured":"2025-10-03T01:31:45Z","input":"xxh64:f744d75e47e6bd49"},"rhel":{"captured":"2025-10-03T01:31:46Z","input":"xxh64:29af2181e9364ae0"},"sles":{"captured":"2025-10-03T01:31:22Z","input":"xxh64:22a1569666ceddb3"},"ubuntu":{"captured":"2025-10-03T01:32:42Z","input":"xxh64:ee957e5520a65dff"},"wolfi":{"captured":"2025-10-03T01:30:06Z","input":"xxh64:4266f2e82cb5d4e2"}}},"timestamp":"2025-10-03T12:24:33.853516347Z"}} \ No newline at end of file diff --git a/labs/lab4/trivy/trivy-vuln-detailed.json b/labs/lab4/trivy/trivy-vuln-detailed.json new file mode 100644 index 00000000..88c36593 --- /dev/null +++ b/labs/lab4/trivy/trivy-vuln-detailed.json @@ -0,0 +1,23965 @@ +{ + "SchemaVersion": 2, + "CreatedAt": "2025-10-03T12:31:55.152684176Z", + "ArtifactName": "bkimminich/juice-shop:v19.0.0", + "ArtifactType": "container_image", + "Metadata": { + "Size": 450560000, + "OS": { + "Family": "debian", + "Name": "12.11" + }, + "ImageID": "sha256:2a95df217ff812f173a6ee032816172e401f641d2a9cf526011d62b9734b503c", + "DiffIDs": [ + "sha256:955a0d3ff798720038c95c7ef1bf41fec749655e3b147f797868f96fc13a243b", + "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", + "sha256:48c0fb67386ed713921fcc0468be23231d0872fa67ccc8ea3929df4656b6ddfc", + "sha256:114dde0fefebbca13165d0da9c500a66190e497a82a53dcaabc3172d630be1e9", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:bfe9137a1b044e8097cdfcb6899137a8a984ed70931ed1e8ef0cf7e023a139fc", + "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733", + "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad", + "sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb", + "sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b", + "sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c", + "sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714", + "sha256:9b8c092bd6eeff60476ebf0bfee3012f641d43c17e22f170d86348c0956c3c82", + "sha256:5ac5a123865b5107ef341d5fd136b8634216d30db3b04afd0d893fcdaad16e14", + "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + ], + "RepoTags": [ + "bkimminich/juice-shop:v19.0.0" + ], + "RepoDigests": [ + "bkimminich/juice-shop@sha256:2765a26de7647609099a338d5b7f61085d95903c8703bb70f03fcc4b12f0818d" + ], + "ImageConfig": { + "architecture": "arm64", + "created": "2025-09-04T06:13:53.120129204Z", + "history": [ + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "2025-09-04T05:38:18Z", + "created_by": "ARG BUILD_DATE=”2025-09-04T05:38:11Z”", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-04T05:38:18Z", + "created_by": "ARG VCS_REF=36870cb", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-04T05:38:18Z", + "created_by": "LABEL maintainer=Bjoern Kimminich \u003cbjoern.kimminich@owasp.org\u003e org.opencontainers.image.title=OWASP Juice Shop org.opencontainers.image.description=Probably the most modern and sophisticated insecure web application org.opencontainers.image.authors=Bjoern Kimminich \u003cbjoern.kimminich@owasp.org\u003e org.opencontainers.image.vendor=Open Worldwide Application Security Project org.opencontainers.image.documentation=https://help.owasp-juice.shop org.opencontainers.image.licenses=MIT org.opencontainers.image.version=19.0.0 org.opencontainers.image.url=https://owasp-juice.shop org.opencontainers.image.source=https://github.com/juice-shop/juice-shop org.opencontainers.image.revision=36870cb org.opencontainers.image.created=”2025-09-04T05:38:11Z”", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-04T05:38:18Z", + "created_by": "WORKDIR /juice-shop", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-04T06:13:53Z", + "created_by": "COPY --chown=65532:0 /juice-shop . # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-04T06:13:53Z", + "created_by": "USER 65532", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-04T06:13:53Z", + "created_by": "EXPOSE map[3000/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-04T06:13:53Z", + "created_by": "CMD [\"/juice-shop/build/app.js\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:955a0d3ff798720038c95c7ef1bf41fec749655e3b147f797868f96fc13a243b", + "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", + "sha256:48c0fb67386ed713921fcc0468be23231d0872fa67ccc8ea3929df4656b6ddfc", + "sha256:114dde0fefebbca13165d0da9c500a66190e497a82a53dcaabc3172d630be1e9", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:bfe9137a1b044e8097cdfcb6899137a8a984ed70931ed1e8ef0cf7e023a139fc", + "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733", + "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad", + "sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb", + "sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b", + "sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c", + "sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714", + "sha256:9b8c092bd6eeff60476ebf0bfee3012f641d43c17e22f170d86348c0956c3c82", + "sha256:5ac5a123865b5107ef341d5fd136b8634216d30db3b04afd0d893fcdaad16e14", + "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + ] + }, + "config": { + "Cmd": [ + "/juice-shop/build/app.js" + ], + "Entrypoint": [ + "/nodejs/bin/node" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "maintainer": "Bjoern Kimminich \u003cbjoern.kimminich@owasp.org\u003e", + "org.opencontainers.image.authors": "Bjoern Kimminich \u003cbjoern.kimminich@owasp.org\u003e", + "org.opencontainers.image.created": "”2025-09-04T05:38:11Z”", + "org.opencontainers.image.description": "Probably the most modern and sophisticated insecure web application", + "org.opencontainers.image.documentation": "https://help.owasp-juice.shop", + "org.opencontainers.image.licenses": "MIT", + "org.opencontainers.image.revision": "36870cb", + "org.opencontainers.image.source": "https://github.com/juice-shop/juice-shop", + "org.opencontainers.image.title": "OWASP Juice Shop", + "org.opencontainers.image.url": "https://owasp-juice.shop", + "org.opencontainers.image.vendor": "Open Worldwide Application Security Project", + "org.opencontainers.image.version": "19.0.0" + }, + "User": "65532", + "WorkingDir": "/juice-shop", + "ExposedPorts": { + "3000/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 327680, + "DiffID": "sha256:955a0d3ff798720038c95c7ef1bf41fec749655e3b147f797868f96fc13a243b" + }, + { + "Size": 40960, + "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" + }, + { + "Size": 2406400, + "DiffID": "sha256:48c0fb67386ed713921fcc0468be23231d0872fa67ccc8ea3929df4656b6ddfc" + }, + { + "Size": 102400, + "DiffID": "sha256:114dde0fefebbca13165d0da9c500a66190e497a82a53dcaabc3172d630be1e9" + }, + { + "Size": 1536, + "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" + }, + { + "Size": 2560, + "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" + }, + { + "Size": 2560, + "DiffID": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4" + }, + { + "Size": 2560, + "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" + }, + { + "Size": 1536, + "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" + }, + { + "Size": 10240, + "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" + }, + { + "Size": 3072, + "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" + }, + { + "Size": 241664, + "DiffID": "sha256:bfe9137a1b044e8097cdfcb6899137a8a984ed70931ed1e8ef0cf7e023a139fc" + }, + { + "Size": 23592960, + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + { + "Size": 5877760, + "DiffID": "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad" + }, + { + "Size": 112640, + "DiffID": "sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb" + }, + { + "Size": 348160, + "DiffID": "sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b" + }, + { + "Size": 2314240, + "DiffID": "sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c" + }, + { + "Size": 153600, + "DiffID": "sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714" + }, + { + "Size": 119715840, + "DiffID": "sha256:9b8c092bd6eeff60476ebf0bfee3012f641d43c17e22f170d86348c0956c3c82" + }, + { + "Size": 1536, + "DiffID": "sha256:5ac5a123865b5107ef341d5fd136b8634216d30db3b04afd0d893fcdaad16e14" + }, + { + "Size": 295300096, + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + } + ] + }, + "Results": [ + { + "Target": "bkimminich/juice-shop:v19.0.0 (debian 12.11)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "base-files@12.4+deb12u11", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u11?arch=arm64\u0026distro=debian-12.11", + "UID": "48ab250bf8427189" + }, + "Version": "12.4+deb12u11", + "Arch": "arm64", + "SrcName": "base-files", + "SrcVersion": "12.4+deb12u11", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Layer": { + "DiffID": "sha256:955a0d3ff798720038c95c7ef1bf41fec749655e3b147f797868f96fc13a243b" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ] + }, + { + "ID": "gcc-12-base@12.2.0-14+deb12u1", + "Name": "gcc-12-base", + "Identifier": { + "PURL": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "9a0aa89ce4aa00f8" + }, + "Version": "12.2.0", + "Release": "14+deb12u1", + "Arch": "arm64", + "SrcName": "gcc-12", + "SrcVersion": "12.2.0", + "SrcRelease": "14+deb12u1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "GPL-2.0-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Layer": { + "DiffID": "sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-12-base/README.Debian.arm64.gz", + "/usr/share/doc/gcc-12-base/TODO.Debian", + "/usr/share/doc/gcc-12-base/changelog.Debian.gz", + "/usr/share/doc/gcc-12-base/copyright" + ] + }, + { + "ID": "libc6@2.36-9+deb12u10", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "Version": "2.36", + "Release": "9+deb12u10", + "Arch": "arm64", + "SrcName": "glibc", + "SrcVersion": "2.36", + "SrcRelease": "9+deb12u10", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "InstalledFiles": [ + "/lib/aarch64-linux-gnu/ld-linux-aarch64.so.1", + "/lib/aarch64-linux-gnu/libBrokenLocale.so.1", + "/lib/aarch64-linux-gnu/libanl.so.1", + "/lib/aarch64-linux-gnu/libc.so.6", + "/lib/aarch64-linux-gnu/libc_malloc_debug.so.0", + "/lib/aarch64-linux-gnu/libdl.so.2", + "/lib/aarch64-linux-gnu/libm.so.6", + "/lib/aarch64-linux-gnu/libmemusage.so", + "/lib/aarch64-linux-gnu/libnsl.so.1", + "/lib/aarch64-linux-gnu/libnss_compat.so.2", + "/lib/aarch64-linux-gnu/libnss_dns.so.2", + "/lib/aarch64-linux-gnu/libnss_files.so.2", + "/lib/aarch64-linux-gnu/libnss_hesiod.so.2", + "/lib/aarch64-linux-gnu/libpcprofile.so", + "/lib/aarch64-linux-gnu/libpthread.so.0", + "/lib/aarch64-linux-gnu/libresolv.so.2", + "/lib/aarch64-linux-gnu/librt.so.1", + "/lib/aarch64-linux-gnu/libthread_db.so.1", + "/lib/aarch64-linux-gnu/libutil.so.1", + "/usr/lib/aarch64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/aarch64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/aarch64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/aarch64-linux-gnu/gconv/BIG5.so", + "/usr/lib/aarch64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/aarch64-linux-gnu/gconv/BRF.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP10007.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1125.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1250.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1251.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1252.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1253.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1254.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1255.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1256.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1257.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP1258.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP737.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP770.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP771.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP772.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP773.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP774.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP775.so", + "/usr/lib/aarch64-linux-gnu/gconv/CP932.so", + "/usr/lib/aarch64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/aarch64-linux-gnu/gconv/CWI.so", + "/usr/lib/aarch64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/aarch64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/aarch64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/aarch64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/aarch64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/aarch64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/aarch64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/aarch64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/aarch64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/aarch64-linux-gnu/gconv/GB18030.so", + "/usr/lib/aarch64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/aarch64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/aarch64-linux-gnu/gconv/GBK.so", + "/usr/lib/aarch64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/aarch64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/aarch64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/aarch64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/aarch64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/aarch64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/aarch64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/aarch64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/aarch64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/aarch64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/aarch64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM037.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM038.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM256.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM273.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM274.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM275.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM277.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM278.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM280.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM281.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM284.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM285.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM290.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM297.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM420.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM423.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM424.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM437.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM500.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM803.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM850.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM851.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM852.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM855.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM856.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM857.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM858.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM860.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM861.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM862.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM863.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM864.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM865.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM866.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM868.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM869.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM870.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM871.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM874.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM875.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM880.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM891.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM901.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM902.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM903.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM904.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM905.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM918.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM921.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM922.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM930.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM932.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM933.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM935.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM937.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM939.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM943.so", + "/usr/lib/aarch64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/aarch64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/aarch64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/aarch64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/aarch64-linux-gnu/gconv/INIS.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO646.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/aarch64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/aarch64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/aarch64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/aarch64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/aarch64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/aarch64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/aarch64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/aarch64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/aarch64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/aarch64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/aarch64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/aarch64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/aarch64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/aarch64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/aarch64-linux-gnu/gconv/MIK.so", + "/usr/lib/aarch64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/aarch64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/aarch64-linux-gnu/gconv/PT154.so", + "/usr/lib/aarch64-linux-gnu/gconv/RK1048.so", + "/usr/lib/aarch64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/aarch64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/aarch64-linux-gnu/gconv/SJIS.so", + "/usr/lib/aarch64-linux-gnu/gconv/T.61.so", + "/usr/lib/aarch64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/aarch64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/aarch64-linux-gnu/gconv/TSCII.so", + "/usr/lib/aarch64-linux-gnu/gconv/UHC.so", + "/usr/lib/aarch64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/aarch64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/aarch64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/aarch64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/aarch64-linux-gnu/gconv/VISCII.so", + "/usr/lib/aarch64-linux-gnu/gconv/gconv-modules", + "/usr/lib/aarch64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/aarch64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/aarch64-linux-gnu/gconv/libCNS.so", + "/usr/lib/aarch64-linux-gnu/gconv/libGB.so", + "/usr/lib/aarch64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/aarch64-linux-gnu/gconv/libJIS.so", + "/usr/lib/aarch64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/aarch64-linux-gnu/gconv/libKSC.so", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/changelog.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ] + }, + { + "ID": "libgcc-s1@12.2.0-14+deb12u1", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "18cb3c5a9343479c" + }, + "Version": "12.2.0", + "Release": "14+deb12u1", + "Arch": "arm64", + "SrcName": "gcc-12", + "SrcVersion": "12.2.0", + "SrcRelease": "14+deb12u1", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Layer": { + "DiffID": "sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714" + }, + "InstalledFiles": [ + "/lib/aarch64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ] + }, + { + "ID": "libgomp1@12.2.0-14+deb12u1", + "Name": "libgomp1", + "Identifier": { + "PURL": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "598f9373be6c7c70" + }, + "Version": "12.2.0", + "Release": "14+deb12u1", + "Arch": "arm64", + "SrcName": "gcc-12", + "SrcVersion": "12.2.0", + "SrcRelease": "14+deb12u1", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Layer": { + "DiffID": "sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b" + }, + "InstalledFiles": [ + "/usr/lib/aarch64-linux-gnu/libgomp.so.1.0.0" + ] + }, + { + "ID": "libssl3@3.0.17-1~deb12u2", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64\u0026distro=debian-12.11", + "UID": "588f4aab9696e680" + }, + "Version": "3.0.17", + "Release": "1~deb12u2", + "Arch": "arm64", + "SrcName": "openssl", + "SrcVersion": "3.0.17", + "SrcRelease": "1~deb12u2", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Layer": { + "DiffID": "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad" + }, + "InstalledFiles": [ + "/usr/lib/aarch64-linux-gnu/engines-3/afalg.so", + "/usr/lib/aarch64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/aarch64-linux-gnu/engines-3/padlock.so", + "/usr/lib/aarch64-linux-gnu/libcrypto.so.3", + "/usr/lib/aarch64-linux-gnu/libssl.so.3", + "/usr/lib/aarch64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/libssl3/changelog.Debian.gz", + "/usr/share/doc/libssl3/changelog.gz", + "/usr/share/doc/libssl3/copyright" + ] + }, + { + "ID": "libstdc++6@12.2.0-14+deb12u1", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "c9bdaef45182ffc3" + }, + "Version": "12.2.0", + "Release": "14+deb12u1", + "Arch": "arm64", + "SrcName": "gcc-12", + "SrcVersion": "12.2.0", + "SrcRelease": "14+deb12u1", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Layer": { + "DiffID": "sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c" + }, + "InstalledFiles": [ + "/usr/lib/aarch64-linux-gnu/libstdc++.so.6.0.30", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/aarch64-linux-gnu/libstdc++.so.6.0.30-gdb.py" + ] + }, + { + "ID": "media-types@10.0.0", + "Name": "media-types", + "Identifier": { + "PURL": "pkg:deb/debian/media-types@10.0.0?arch=all\u0026distro=debian-12.11", + "UID": "6cdc3435ff1bc387" + }, + "Version": "10.0.0", + "Arch": "all", + "SrcName": "media-types", + "SrcVersion": "10.0.0", + "Licenses": [ + "ad-hoc" + ], + "Maintainer": "Mime-Support Packagers \u003cteam+debian-mimesupport-packagers@tracker.debian.org\u003e", + "Layer": { + "DiffID": "sha256:114dde0fefebbca13165d0da9c500a66190e497a82a53dcaabc3172d630be1e9" + }, + "InstalledFiles": [ + "/usr/share/bug/media-types/presubj", + "/usr/share/doc/media-types/changelog.gz", + "/usr/share/doc/media-types/copyright" + ] + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.11", + "UID": "f456f8e8cbbd3725" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Layer": { + "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ] + }, + { + "ID": "tzdata@2025b-0+deb12u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2025b-0%2Bdeb12u1?arch=all\u0026distro=debian-12.11", + "UID": "b1419d91d2ebce12" + }, + "Version": "2025b", + "Release": "0+deb12u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2025b", + "SrcRelease": "0+deb12u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Layer": { + "DiffID": "sha256:48c0fb67386ed713921fcc0468be23231d0872fa67ccc8ea3929df4656b6ddfc" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Coyhaique", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Accra", + "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Asmara", + "/usr/share/zoneinfo/right/Africa/Bamako", + "/usr/share/zoneinfo/right/Africa/Bangui", + "/usr/share/zoneinfo/right/Africa/Banjul", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Blantyre", + "/usr/share/zoneinfo/right/Africa/Brazzaville", + "/usr/share/zoneinfo/right/Africa/Bujumbura", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/Conakry", + "/usr/share/zoneinfo/right/Africa/Dakar", + "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/right/Africa/Djibouti", + "/usr/share/zoneinfo/right/Africa/Douala", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Freetown", + "/usr/share/zoneinfo/right/Africa/Gaborone", + "/usr/share/zoneinfo/right/Africa/Harare", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Kampala", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Kigali", + "/usr/share/zoneinfo/right/Africa/Kinshasa", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Libreville", + "/usr/share/zoneinfo/right/Africa/Lome", + "/usr/share/zoneinfo/right/Africa/Luanda", + "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "/usr/share/zoneinfo/right/Africa/Lusaka", + "/usr/share/zoneinfo/right/Africa/Malabo", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Maseru", + "/usr/share/zoneinfo/right/Africa/Mbabane", + "/usr/share/zoneinfo/right/Africa/Mogadishu", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Niamey", + "/usr/share/zoneinfo/right/Africa/Nouakchott", + "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Anguilla", + "/usr/share/zoneinfo/right/America/Antigua", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Aruba", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Atikokan", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Cayman", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Coyhaique", + "/usr/share/zoneinfo/right/America/Creston", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Curacao", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Dominica", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Grenada", + "/usr/share/zoneinfo/right/America/Guadeloupe", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/Montserrat", + "/usr/share/zoneinfo/right/America/Nassau", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Port_of_Spain", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/St_Kitts", + "/usr/share/zoneinfo/right/America/St_Lucia", + "/usr/share/zoneinfo/right/America/St_Thomas", + "/usr/share/zoneinfo/right/America/St_Vincent", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Tortola", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Syowa", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Antarctica/Vostok", + "/usr/share/zoneinfo/right/Asia/Aden", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Bahrain", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Brunei", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Kuwait", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Muscat", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vientiane", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Amsterdam", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Copenhagen", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Guernsey", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Jersey", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/Ljubljana", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Luxembourg", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Monaco", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Oslo", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Sarajevo", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Skopje", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Stockholm", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vaduz", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zagreb", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Antananarivo", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Christmas", + "/usr/share/zoneinfo/right/Indian/Cocos", + "/usr/share/zoneinfo/right/Indian/Comoro", + "/usr/share/zoneinfo/right/Indian/Kerguelen", + "/usr/share/zoneinfo/right/Indian/Mahe", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/Indian/Mayotte", + "/usr/share/zoneinfo/right/Indian/Reunion", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Chuuk", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Funafuti", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Majuro", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Midway", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Saipan", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/Pacific/Wake", + "/usr/share/zoneinfo/right/Pacific/Wallis", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ] + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-27943", + "PkgID": "gcc-12-base@12.2.0-14+deb12u1", + "PkgName": "gcc-12-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "9a0aa89ce4aa00f8" + }, + "InstalledVersion": "12.2.0-14+deb12u1", + "Status": "affected", + "Layer": { + "DiffID": "sha256:15058730e91461eb98dcaccce2d8214c7cb89f227e5f3f48accb17767eedc9bb" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-27943", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead", + "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", + "https://www.cve.org/CVERecord?id=CVE-2022-27943" + ], + "PublishedDate": "2022-03-26T13:15:07.9Z", + "LastModifiedDate": "2024-11-21T06:56:31.04Z" + }, + { + "VulnerabilityID": "CVE-2025-4802", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "FixedVersion": "2.36-9+deb12u11", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/16/7", + "http://www.openwall.com/lists/oss-security/2025/05/17/2", + "https://access.redhat.com/errata/RHSA-2025:8655", + "https://access.redhat.com/security/cve/CVE-2025-4802", + "https://bugzilla.redhat.com/2367468", + "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", + "https://errata.almalinux.org/9/ALSA-2025-8655.html", + "https://errata.rockylinux.org/RLSA-2025:8686", + "https://linux.oracle.com/cve/CVE-2025-4802.html", + "https://linux.oracle.com/errata/ELSA-2025-8686.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", + "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", + "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", + "https://ubuntu.com/security/notices/USN-7541-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4802", + "https://www.openwall.com/lists/oss-security/2025/05/16/7", + "https://www.openwall.com/lists/oss-security/2025/05/17/2" + ], + "PublishedDate": "2025-05-16T20:15:22.28Z", + "LastModifiedDate": "2025-06-17T14:09:23.137Z" + }, + { + "VulnerabilityID": "CVE-2025-8058", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "FixedVersion": "2.36-9+deb12u13", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8058", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: Double free in glibc", + "Description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:13240", + "https://access.redhat.com/security/cve/CVE-2025-8058", + "https://bugzilla.redhat.com/2383146", + "https://bugzilla.redhat.com/show_bug.cgi?id=2383146", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058", + "https://errata.almalinux.org/10/ALSA-2025-13240.html", + "https://errata.rockylinux.org/RLSA-2025:12980", + "https://linux.oracle.com/cve/CVE-2025-8058.html", + "https://linux.oracle.com/errata/ELSA-2025-20595.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "https://ubuntu.com/security/notices/USN-7760-1", + "https://www.cve.org/CVERecord?id=CVE-2025-8058" + ], + "PublishedDate": "2025-07-23T20:15:27.747Z", + "LastModifiedDate": "2025-07-25T15:29:44.523Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://access.redhat.com/security/cve/CVE-2010-4756", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "https://www.cve.org/CVERecord?id=CVE-2010-4756" + ], + "PublishedDate": "2011-03-02T20:00:01.037Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://access.redhat.com/security/cve/CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2018-20796" + ], + "PublishedDate": "2019-02-26T02:29:00.45Z", + "LastModifiedDate": "2024-11-21T04:02:11.827Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 4 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010022", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022", + "https://www.cve.org/CVERecord?id=CVE-2019-1010022" + ], + "PublishedDate": "2019-07-15T04:15:13.317Z", + "LastModifiedDate": "2024-11-21T04:17:55.5Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://access.redhat.com/security/cve/CVE-2019-1010023", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023", + "https://www.cve.org/CVERecord?id=CVE-2019-1010023" + ], + "PublishedDate": "2019-07-15T04:15:13.397Z", + "LastModifiedDate": "2024-11-21T04:17:55.643Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://access.redhat.com/security/cve/CVE-2019-1010024", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024", + "https://www.cve.org/CVERecord?id=CVE-2019-1010024" + ], + "PublishedDate": "2019-07-15T04:15:13.473Z", + "LastModifiedDate": "2024-11-21T04:17:55.843Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-330" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010025", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025", + "https://www.cve.org/CVERecord?id=CVE-2019-1010025" + ], + "PublishedDate": "2019-07-15T04:15:13.537Z", + "LastModifiedDate": "2024-11-21T04:17:55.96Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgID": "libc6@2.36-9+deb12u10", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64\u0026distro=debian-12.11", + "UID": "2faca8be6ecbed12" + }, + "InstalledVersion": "2.36-9+deb12u10", + "Status": "affected", + "Layer": { + "DiffID": "sha256:7ce2f5dadc5fd53026436209005e7dbc712e1e5ebd8cd8f31307feeaa9ff4733" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-9192", + "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2019-9192" + ], + "PublishedDate": "2019-02-26T18:29:00.34Z", + "LastModifiedDate": "2024-11-21T04:51:10.53Z" + }, + { + "VulnerabilityID": "CVE-2022-27943", + "PkgID": "libgcc-s1@12.2.0-14+deb12u1", + "PkgName": "libgcc-s1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "18cb3c5a9343479c" + }, + "InstalledVersion": "12.2.0-14+deb12u1", + "Status": "affected", + "Layer": { + "DiffID": "sha256:cda8aa10c7ef0d43b43ad68385fba7dbbc647745fb39e4c2755ef6427f36f714" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-27943", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead", + "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", + "https://www.cve.org/CVERecord?id=CVE-2022-27943" + ], + "PublishedDate": "2022-03-26T13:15:07.9Z", + "LastModifiedDate": "2024-11-21T06:56:31.04Z" + }, + { + "VulnerabilityID": "CVE-2022-27943", + "PkgID": "libgomp1@12.2.0-14+deb12u1", + "PkgName": "libgomp1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "598f9373be6c7c70" + }, + "InstalledVersion": "12.2.0-14+deb12u1", + "Status": "affected", + "Layer": { + "DiffID": "sha256:245157cfc41938f49650c19f98d79fd96cc5646b405ee1a9e70cbff7e09bbf3b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-27943", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead", + "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", + "https://www.cve.org/CVERecord?id=CVE-2022-27943" + ], + "PublishedDate": "2022-03-26T13:15:07.9Z", + "LastModifiedDate": "2024-11-21T06:56:31.04Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "VendorIDs": [ + "DSA-6015-1" + ], + "PkgID": "libssl3@3.0.17-1~deb12u2", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64\u0026distro=debian-12.11", + "UID": "588f4aab9696e680" + }, + "InstalledVersion": "3.0.17-1~deb12u2", + "FixedVersion": "3.0.17-1~deb12u3", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2025-10-02T19:12:17.16Z" + }, + { + "VulnerabilityID": "CVE-2025-27587", + "PkgID": "libssl3@3.0.17-1~deb12u2", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64\u0026distro=debian-12.11", + "UID": "588f4aab9696e680" + }, + "InstalledVersion": "3.0.17-1~deb12u2", + "Status": "affected", + "Layer": { + "DiffID": "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", + "Description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", + "Severity": "LOW", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "debian": 1, + "ubuntu": 1 + }, + "References": [ + "https://github.com/openssl/openssl/issues/24253", + "https://minerva.crocs.fi.muni.cz", + "https://www.cve.org/CVERecord?id=CVE-2025-27587" + ], + "PublishedDate": "2025-06-16T22:15:44.093Z", + "LastModifiedDate": "2025-06-26T17:15:30.497Z" + }, + { + "VulnerabilityID": "CVE-2025-9232", + "VendorIDs": [ + "DSA-6015-1" + ], + "PkgID": "libssl3@3.0.17-1~deb12u2", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64\u0026distro=debian-12.11", + "UID": "588f4aab9696e680" + }, + "InstalledVersion": "3.0.17-1~deb12u2", + "FixedVersion": "3.0.17-1~deb12u3", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:c6911bc7ee8c4acc6d64845e986b1ccdd8e3316d2e5a63a9790714af703798ad" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "Description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-9232", + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9232" + ], + "PublishedDate": "2025-09-30T14:15:41.313Z", + "LastModifiedDate": "2025-10-02T19:12:17.16Z" + }, + { + "VulnerabilityID": "CVE-2022-27943", + "PkgID": "libstdc++6@12.2.0-14+deb12u1", + "PkgName": "libstdc++6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=arm64\u0026distro=debian-12.11", + "UID": "c9bdaef45182ffc3" + }, + "InstalledVersion": "12.2.0-14+deb12u1", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e84030d2f270ad9f354ce22a18f1e7bf4fbdf5918672c0b6c0b2354685ecf83c" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-27943", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79", + "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead", + "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", + "https://www.cve.org/CVERecord?id=CVE-2022-27943" + ], + "PublishedDate": "2022-03-26T13:15:07.9Z", + "LastModifiedDate": "2024-11-21T06:56:31.04Z" + } + ] + }, + { + "Target": "Node.js", + "Class": "lang-pkgs", + "Type": "node-pkg", + "Packages": [ + { + "ID": "1to2@1.0.0", + "Name": "1to2", + "Identifier": { + "PURL": "pkg:npm/1to2@1.0.0", + "UID": "92d0a1b4c03e233b" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/nan/tools/package.json" + }, + { + "ID": "@adraffy/ens-normalize@1.10.1", + "Name": "@adraffy/ens-normalize", + "Identifier": { + "PURL": "pkg:npm/%40adraffy/ens-normalize@1.10.1", + "UID": "7e84d561bde1f75c" + }, + "Version": "1.10.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@adraffy/ens-normalize/package.json" + }, + { + "ID": "@babel/helper-string-parser@7.27.1", + "Name": "@babel/helper-string-parser", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-string-parser@7.27.1", + "UID": "6585750110b688f6" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@babel/helper-string-parser/package.json" + }, + { + "ID": "@babel/helper-validator-identifier@7.27.1", + "Name": "@babel/helper-validator-identifier", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-validator-identifier@7.27.1", + "UID": "2a1b90fb5ade5f96" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@babel/helper-validator-identifier/package.json" + }, + { + "ID": "@babel/parser@7.28.3", + "Name": "@babel/parser", + "Identifier": { + "PURL": "pkg:npm/%40babel/parser@7.28.3", + "UID": "e10a8c92b223b8" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@babel/parser/package.json" + }, + { + "ID": "@babel/types@7.28.2", + "Name": "@babel/types", + "Identifier": { + "PURL": "pkg:npm/%40babel/types@7.28.2", + "UID": "d99a9876cbfa08f7" + }, + "Version": "7.28.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@babel/types/package.json" + }, + { + "ID": "@colors/colors@1.6.0", + "Name": "@colors/colors", + "Identifier": { + "PURL": "pkg:npm/%40colors/colors@1.6.0", + "UID": "87c4bccf1623c6e9" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/logform/node_modules/@colors/colors/package.json" + }, + { + "ID": "@colors/colors@1.6.0", + "Name": "@colors/colors", + "Identifier": { + "PURL": "pkg:npm/%40colors/colors@1.6.0", + "UID": "54b1bbce4df6f02f" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/winston/node_modules/@colors/colors/package.json" + }, + { + "ID": "@dabh/diagnostics@2.0.3", + "Name": "@dabh/diagnostics", + "Identifier": { + "PURL": "pkg:npm/%40dabh/diagnostics@2.0.3", + "UID": "3e7b153d7ff749b9" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@dabh/diagnostics/package.json" + }, + { + "ID": "@ethereumjs/rlp@4.0.1", + "Name": "@ethereumjs/rlp", + "Identifier": { + "PURL": "pkg:npm/%40ethereumjs/rlp@4.0.1", + "UID": "d133906b9b7b84d3" + }, + "Version": "4.0.1", + "Licenses": [ + "MPL-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@ethereumjs/rlp/package.json" + }, + { + "ID": "@ethereumjs/rlp@5.0.2", + "Name": "@ethereumjs/rlp", + "Identifier": { + "PURL": "pkg:npm/%40ethereumjs/rlp@5.0.2", + "UID": "2bb10b6b50447a2e" + }, + "Version": "5.0.2", + "Licenses": [ + "MPL-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-contract/node_modules/@ethereumjs/rlp/package.json" + }, + { + "ID": "@gar/promisify@1.1.3", + "Name": "@gar/promisify", + "Identifier": { + "PURL": "pkg:npm/%40gar/promisify@1.1.3", + "UID": "666c895cb46fceb9" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@gar/promisify/package.json" + }, + { + "ID": "@isaacs/cliui@8.0.2", + "Name": "@isaacs/cliui", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", + "UID": "a3b5bc940659425d" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@isaacs/cliui/package.json" + }, + { + "ID": "@isaacs/fs-minipass@4.0.1", + "Name": "@isaacs/fs-minipass", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", + "UID": "558dd8770c3c009e" + }, + "Version": "4.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@isaacs/fs-minipass/package.json" + }, + { + "ID": "@my-scope/package-a@0.0.0", + "Name": "@my-scope/package-a", + "Identifier": { + "PURL": "pkg:npm/%40my-scope/package-a@0.0.0", + "UID": "f655d65edd5e3d6d" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve/test/resolver/multirepo/packages/package-a/package.json" + }, + { + "ID": "@my-scope/package-b@0.0.0", + "Name": "@my-scope/package-b", + "Identifier": { + "PURL": "pkg:npm/%40my-scope/package-b@0.0.0", + "UID": "c16266635b9452b0" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve/test/resolver/multirepo/packages/package-b/package.json" + }, + { + "ID": "@nlpjs/core@4.26.1", + "Name": "@nlpjs/core", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/core@4.26.1", + "UID": "3bb3437288d532bc" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/core/package.json" + }, + { + "ID": "@nlpjs/core-loader@4.26.1", + "Name": "@nlpjs/core-loader", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/core-loader@4.26.1", + "UID": "b44e5f65e5e65dd9" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/core-loader/package.json" + }, + { + "ID": "@nlpjs/evaluator@4.26.1", + "Name": "@nlpjs/evaluator", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/evaluator@4.26.1", + "UID": "381f921641043ad2" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/evaluator/package.json" + }, + { + "ID": "@nlpjs/lang-en@4.26.1", + "Name": "@nlpjs/lang-en", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/lang-en@4.26.1", + "UID": "cddf25f71abd4c8b" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/lang-en/package.json" + }, + { + "ID": "@nlpjs/lang-en-min@4.26.1", + "Name": "@nlpjs/lang-en-min", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/lang-en-min@4.26.1", + "UID": "eab62df17e08a29e" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/lang-en-min/package.json" + }, + { + "ID": "@nlpjs/language@4.25.0", + "Name": "@nlpjs/language", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/language@4.25.0", + "UID": "d544f1addc74a467" + }, + "Version": "4.25.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/language/package.json" + }, + { + "ID": "@nlpjs/language-min@4.25.0", + "Name": "@nlpjs/language-min", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/language-min@4.25.0", + "UID": "c7abf7fde97329e1" + }, + "Version": "4.25.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/language-min/package.json" + }, + { + "ID": "@nlpjs/ner@4.27.0", + "Name": "@nlpjs/ner", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/ner@4.27.0", + "UID": "93d483961175166f" + }, + "Version": "4.27.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/ner/package.json" + }, + { + "ID": "@nlpjs/neural@4.25.0", + "Name": "@nlpjs/neural", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/neural@4.25.0", + "UID": "9221c9437ffec093" + }, + "Version": "4.25.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/neural/package.json" + }, + { + "ID": "@nlpjs/nlg@4.26.1", + "Name": "@nlpjs/nlg", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/nlg@4.26.1", + "UID": "bf3b94c155afca14" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/nlg/package.json" + }, + { + "ID": "@nlpjs/nlp@4.27.0", + "Name": "@nlpjs/nlp", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/nlp@4.27.0", + "UID": "22770c9eda81a866" + }, + "Version": "4.27.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/nlp/package.json" + }, + { + "ID": "@nlpjs/nlu@4.27.0", + "Name": "@nlpjs/nlu", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/nlu@4.27.0", + "UID": "8e2f3d4804b13089" + }, + "Version": "4.27.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/nlu/package.json" + }, + { + "ID": "@nlpjs/request@4.25.0", + "Name": "@nlpjs/request", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/request@4.25.0", + "UID": "b7d2baba84ad904a" + }, + "Version": "4.25.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/request/package.json" + }, + { + "ID": "@nlpjs/sentiment@4.26.1", + "Name": "@nlpjs/sentiment", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/sentiment@4.26.1", + "UID": "b29a718f15a6b848" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/sentiment/package.json" + }, + { + "ID": "@nlpjs/similarity@4.26.1", + "Name": "@nlpjs/similarity", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/similarity@4.26.1", + "UID": "298aa3f751135b0e" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/similarity/package.json" + }, + { + "ID": "@nlpjs/slot@4.26.1", + "Name": "@nlpjs/slot", + "Identifier": { + "PURL": "pkg:npm/%40nlpjs/slot@4.26.1", + "UID": "5f0e395ec12b67eb" + }, + "Version": "4.26.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@nlpjs/slot/package.json" + }, + { + "ID": "@noble/curves@1.2.0", + "Name": "@noble/curves", + "Identifier": { + "PURL": "pkg:npm/%40noble/curves@1.2.0", + "UID": "8c449bb986008846" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@noble/curves/package.json" + }, + { + "ID": "@noble/curves@1.4.2", + "Name": "@noble/curves", + "Identifier": { + "PURL": "pkg:npm/%40noble/curves@1.4.2", + "UID": "dbc3aa7953dc256c" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scure/bip32/node_modules/@noble/curves/package.json" + }, + { + "ID": "@noble/curves@1.4.2", + "Name": "@noble/curves", + "Identifier": { + "PURL": "pkg:npm/%40noble/curves@1.4.2", + "UID": "e97e1b2fdf94eb36" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ethereum-cryptography/node_modules/@noble/curves/package.json" + }, + { + "ID": "@noble/hashes@1.3.2", + "Name": "@noble/hashes", + "Identifier": { + "PURL": "pkg:npm/%40noble/hashes@1.3.2", + "UID": "3b90d4f18da21147" + }, + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@noble/hashes/package.json" + }, + { + "ID": "@noble/hashes@1.4.0", + "Name": "@noble/hashes", + "Identifier": { + "PURL": "pkg:npm/%40noble/hashes@1.4.0", + "UID": "3d3b56c0868b6249" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scure/bip32/node_modules/@noble/hashes/package.json" + }, + { + "ID": "@noble/hashes@1.4.0", + "Name": "@noble/hashes", + "Identifier": { + "PURL": "pkg:npm/%40noble/hashes@1.4.0", + "UID": "1969f260c2a98eae" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scure/bip39/node_modules/@noble/hashes/package.json" + }, + { + "ID": "@noble/hashes@1.4.0", + "Name": "@noble/hashes", + "Identifier": { + "PURL": "pkg:npm/%40noble/hashes@1.4.0", + "UID": "ba36d8210a12ff97" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ethereum-cryptography/node_modules/@noble/hashes/package.json" + }, + { + "ID": "@npmcli/agent@3.0.0", + "Name": "@npmcli/agent", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/agent@3.0.0", + "UID": "8c312cd56f923feb" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/agent/package.json" + }, + { + "ID": "@npmcli/fs@1.1.1", + "Name": "@npmcli/fs", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/fs@1.1.1", + "UID": "3e98aec8c414317b" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/@npmcli/fs/package.json" + }, + { + "ID": "@npmcli/fs@4.0.0", + "Name": "@npmcli/fs", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/fs@4.0.0", + "UID": "62a81da47c262e88" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/fs/package.json" + }, + { + "ID": "@npmcli/move-file@1.1.2", + "Name": "@npmcli/move-file", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/move-file@1.1.2", + "UID": "408b281098d5ee96" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/move-file/package.json" + }, + { + "ID": "@otplib/core@12.0.1", + "Name": "@otplib/core", + "Identifier": { + "PURL": "pkg:npm/%40otplib/core@12.0.1", + "UID": "8be19fab742b3065" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@otplib/core/package.json" + }, + { + "ID": "@otplib/plugin-crypto@12.0.1", + "Name": "@otplib/plugin-crypto", + "Identifier": { + "PURL": "pkg:npm/%40otplib/plugin-crypto@12.0.1", + "UID": "398822c6be0f7b7" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@otplib/plugin-crypto/package.json" + }, + { + "ID": "@otplib/plugin-thirty-two@12.0.1", + "Name": "@otplib/plugin-thirty-two", + "Identifier": { + "PURL": "pkg:npm/%40otplib/plugin-thirty-two@12.0.1", + "UID": "96fe082eb2cf27ed" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@otplib/plugin-thirty-two/package.json" + }, + { + "ID": "@otplib/preset-default@12.0.1", + "Name": "@otplib/preset-default", + "Identifier": { + "PURL": "pkg:npm/%40otplib/preset-default@12.0.1", + "UID": "d0d34e284d5903ae" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@otplib/preset-default/package.json" + }, + { + "ID": "@otplib/preset-v11@12.0.1", + "Name": "@otplib/preset-v11", + "Identifier": { + "PURL": "pkg:npm/%40otplib/preset-v11@12.0.1", + "UID": "adf310d4eda7aa54" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@otplib/preset-v11/package.json" + }, + { + "ID": "@pkgjs/parseargs@0.11.0", + "Name": "@pkgjs/parseargs", + "Identifier": { + "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "UID": "e1fb781e25a4fa32" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@pkgjs/parseargs/package.json" + }, + { + "ID": "@scarf/scarf@1.4.0", + "Name": "@scarf/scarf", + "Identifier": { + "PURL": "pkg:npm/%40scarf/scarf@1.4.0", + "UID": "5e695d454c361760" + }, + "Version": "1.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scarf/scarf/package.json" + }, + { + "ID": "@scure/base@1.1.9", + "Name": "@scure/base", + "Identifier": { + "PURL": "pkg:npm/%40scure/base@1.1.9", + "UID": "f033abbb642bfb09" + }, + "Version": "1.1.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scure/base/package.json" + }, + { + "ID": "@scure/bip32@1.4.0", + "Name": "@scure/bip32", + "Identifier": { + "PURL": "pkg:npm/%40scure/bip32@1.4.0", + "UID": "832652f2eeac87bb" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scure/bip32/package.json" + }, + { + "ID": "@scure/bip39@1.3.0", + "Name": "@scure/bip39", + "Identifier": { + "PURL": "pkg:npm/%40scure/bip39@1.3.0", + "UID": "e06ee1df6fd1dd73" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@scure/bip39/package.json" + }, + { + "ID": "@sindresorhus/is@0.7.0", + "Name": "@sindresorhus/is", + "Identifier": { + "PURL": "pkg:npm/%40sindresorhus/is@0.7.0", + "UID": "b9e3445db5d6f6e1" + }, + "Version": "0.7.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@sindresorhus/is/package.json" + }, + { + "ID": "@swc/helpers@0.3.17", + "Name": "@swc/helpers", + "Identifier": { + "PURL": "pkg:npm/%40swc/helpers@0.3.17", + "UID": "126839a6da065189" + }, + "Version": "0.3.17", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@swc/helpers/package.json" + }, + { + "ID": "@tokenizer/token@0.3.0", + "Name": "@tokenizer/token", + "Identifier": { + "PURL": "pkg:npm/%40tokenizer/token@0.3.0", + "UID": "1065ad234139f2eb" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@tokenizer/token/package.json" + }, + { + "ID": "@tootallnate/once@1.1.2", + "Name": "@tootallnate/once", + "Identifier": { + "PURL": "pkg:npm/%40tootallnate/once@1.1.2", + "UID": "74e467ae7f60c65a" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/@tootallnate/once/package.json" + }, + { + "ID": "@tootallnate/once@2.0.0", + "Name": "@tootallnate/once", + "Identifier": { + "PURL": "pkg:npm/%40tootallnate/once@2.0.0", + "UID": "cf8e86100aa21471" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@tootallnate/once/package.json" + }, + { + "ID": "@types/component-emitter@1.2.14", + "Name": "@types/component-emitter", + "Identifier": { + "PURL": "pkg:npm/%40types/component-emitter@1.2.14", + "UID": "b53a9f7694fa29e5" + }, + "Version": "1.2.14", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/component-emitter/package.json" + }, + { + "ID": "@types/cookie@0.4.1", + "Name": "@types/cookie", + "Identifier": { + "PURL": "pkg:npm/%40types/cookie@0.4.1", + "UID": "fcb1993127720ebe" + }, + "Version": "0.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/cookie/package.json" + }, + { + "ID": "@types/cors@2.8.19", + "Name": "@types/cors", + "Identifier": { + "PURL": "pkg:npm/%40types/cors@2.8.19", + "UID": "8341aa3ce6e747ef" + }, + "Version": "2.8.19", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/cors/package.json" + }, + { + "ID": "@types/debug@4.1.12", + "Name": "@types/debug", + "Identifier": { + "PURL": "pkg:npm/%40types/debug@4.1.12", + "UID": "21ab6aaef76ffe92" + }, + "Version": "4.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/debug/package.json" + }, + { + "ID": "@types/ms@2.1.0", + "Name": "@types/ms", + "Identifier": { + "PURL": "pkg:npm/%40types/ms@2.1.0", + "UID": "c9c094ef9c4ac7e1" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/ms/package.json" + }, + { + "ID": "@types/node@20.19.12", + "Name": "@types/node", + "Identifier": { + "PURL": "pkg:npm/%40types/node@20.19.12", + "UID": "4fab26c4c6e7ca83" + }, + "Version": "20.19.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/node/package.json" + }, + { + "ID": "@types/node@22.7.5", + "Name": "@types/node", + "Identifier": { + "PURL": "pkg:npm/%40types/node@22.7.5", + "UID": "f3a97bd7f51a112a" + }, + "Version": "22.7.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ethers/node_modules/@types/node/package.json" + }, + { + "ID": "@types/strip-bom@3.0.0", + "Name": "@types/strip-bom", + "Identifier": { + "PURL": "pkg:npm/%40types/strip-bom@3.0.0", + "UID": "50be5b1664ae892d" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/strip-bom/package.json" + }, + { + "ID": "@types/strip-json-comments@0.0.30", + "Name": "@types/strip-json-comments", + "Identifier": { + "PURL": "pkg:npm/%40types/strip-json-comments@0.0.30", + "UID": "849ce640857561a5" + }, + "Version": "0.0.30", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/strip-json-comments/package.json" + }, + { + "ID": "@types/triple-beam@1.3.5", + "Name": "@types/triple-beam", + "Identifier": { + "PURL": "pkg:npm/%40types/triple-beam@1.3.5", + "UID": "99d99d16a28deff0" + }, + "Version": "1.3.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/triple-beam/package.json" + }, + { + "ID": "@types/validator@13.15.3", + "Name": "@types/validator", + "Identifier": { + "PURL": "pkg:npm/%40types/validator@13.15.3", + "UID": "9a2d8448c11d903b" + }, + "Version": "13.15.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/validator/package.json" + }, + { + "ID": "@types/ws@8.5.3", + "Name": "@types/ws", + "Identifier": { + "PURL": "pkg:npm/%40types/ws@8.5.3", + "UID": "2f33a5bd76de1037" + }, + "Version": "8.5.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@types/ws/package.json" + }, + { + "ID": "abbrev@1.1.1", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@1.1.1", + "UID": "2d92054af4467117" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/abbrev/package.json" + }, + { + "ID": "abbrev@3.0.1", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@3.0.1", + "UID": "8575a6d531002f68" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-gyp/node_modules/abbrev/package.json" + }, + { + "ID": "abitype@0.7.1", + "Name": "abitype", + "Identifier": { + "PURL": "pkg:npm/abitype@0.7.1", + "UID": "eb69280bddaf9838" + }, + "Version": "0.7.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/abitype/package.json" + }, + { + "ID": "abort-controller@3.0.0", + "Name": "abort-controller", + "Identifier": { + "PURL": "pkg:npm/abort-controller@3.0.0", + "UID": "de986d07d8231845" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/abort-controller/package.json" + }, + { + "ID": "accepts@1.3.8", + "Name": "accepts", + "Identifier": { + "PURL": "pkg:npm/accepts@1.3.8", + "UID": "85c3703cde5ba400" + }, + "Version": "1.3.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/accepts/package.json" + }, + { + "ID": "acorn@7.4.1", + "Name": "acorn", + "Identifier": { + "PURL": "pkg:npm/acorn@7.4.1", + "UID": "84654f41ed0c397b" + }, + "Version": "7.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-expression/node_modules/acorn/package.json" + }, + { + "ID": "acorn@8.15.0", + "Name": "acorn", + "Identifier": { + "PURL": "pkg:npm/acorn@8.15.0", + "UID": "8d97b7a1da10e0c" + }, + "Version": "8.15.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/acorn/package.json" + }, + { + "ID": "acorn-walk@8.3.4", + "Name": "acorn-walk", + "Identifier": { + "PURL": "pkg:npm/acorn-walk@8.3.4", + "UID": "ae4ea71f929119e2" + }, + "Version": "8.3.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/acorn-walk/package.json" + }, + { + "ID": "aes-js@4.0.0-beta.5", + "Name": "aes-js", + "Identifier": { + "PURL": "pkg:npm/aes-js@4.0.0-beta.5", + "UID": "3e2d787abf475a9b" + }, + "Version": "4.0.0-beta.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/aes-js/package.json" + }, + { + "ID": "agent-base@6.0.2", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@6.0.2", + "UID": "d71bdce937871612" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/agent-base/package.json" + }, + { + "ID": "agent-base@7.1.4", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@7.1.4", + "UID": "a9ccf3a2657ac392" + }, + "Version": "7.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/agent/node_modules/agent-base/package.json" + }, + { + "ID": "agent-base@7.1.4", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@7.1.4", + "UID": "716d5614d323a285" + }, + "Version": "7.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/socks-proxy-agent/node_modules/agent-base/package.json" + }, + { + "ID": "agentkeepalive@4.6.0", + "Name": "agentkeepalive", + "Identifier": { + "PURL": "pkg:npm/agentkeepalive@4.6.0", + "UID": "240bb81dc614f7dc" + }, + "Version": "4.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/agentkeepalive/package.json" + }, + { + "ID": "aggregate-error@3.1.0", + "Name": "aggregate-error", + "Identifier": { + "PURL": "pkg:npm/aggregate-error@3.1.0", + "UID": "e4dc2525f33bf994" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/aggregate-error/package.json" + }, + { + "ID": "ansi-regex@2.1.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@2.1.1", + "UID": "4641a4797b00be3f" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/gauge/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-regex@2.1.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@2.1.1", + "UID": "88306120b0f4addf" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-regex@2.1.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@2.1.1", + "UID": "ee7f5d8fdb335d42" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-ansi/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-regex@3.0.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@3.0.1", + "UID": "68449037114300d3" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wide-align/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-regex@5.0.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@5.0.1", + "UID": "c92caa3ca0cc3aa2" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-regex@6.2.0", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@6.2.0", + "UID": "80dda963e07197bd" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-regex@6.2.0", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@6.2.0", + "UID": "e027482500b0fe1a" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi/node_modules/ansi-regex/package.json" + }, + { + "ID": "ansi-styles@2.2.1", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@2.2.1", + "UID": "808507839839447a" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/node_modules/ansi-styles/package.json" + }, + { + "ID": "ansi-styles@3.2.1", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@3.2.1", + "UID": "1abdf3cedc6aae00" + }, + "Version": "3.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ansi-styles/package.json" + }, + { + "ID": "ansi-styles@4.3.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@4.3.0", + "UID": "60d1fa4e58032141" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/node_modules/ansi-styles/package.json" + }, + { + "ID": "ansi-styles@4.3.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@4.3.0", + "UID": "9a9056a783f32e82" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/ansi-styles/package.json" + }, + { + "ID": "ansi-styles@4.3.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@4.3.0", + "UID": "58f4dc3664777a1b" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json" + }, + { + "ID": "ansi-styles@6.2.1", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@6.2.1", + "UID": "3d29343b17fd64df" + }, + "Version": "6.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi/node_modules/ansi-styles/package.json" + }, + { + "ID": "anymatch@3.1.3", + "Name": "anymatch", + "Identifier": { + "PURL": "pkg:npm/anymatch@3.1.3", + "UID": "30a8ea0bb85763aa" + }, + "Version": "3.1.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/anymatch/package.json" + }, + { + "ID": "append-field@1.0.0", + "Name": "append-field", + "Identifier": { + "PURL": "pkg:npm/append-field@1.0.0", + "UID": "de197009b6d5e53c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/append-field/package.json" + }, + { + "ID": "aproba@1.2.0", + "Name": "aproba", + "Identifier": { + "PURL": "pkg:npm/aproba@1.2.0", + "UID": "f871674b20088c78" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/aproba/package.json" + }, + { + "ID": "archive-type@4.0.0", + "Name": "archive-type", + "Identifier": { + "PURL": "pkg:npm/archive-type@4.0.0", + "UID": "4213bac5c49b5109" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archive-type/package.json" + }, + { + "ID": "archiver@1.3.0", + "Name": "archiver", + "Identifier": { + "PURL": "pkg:npm/archiver@1.3.0", + "UID": "c3ebb8f46d9acea4" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver/package.json" + }, + { + "ID": "archiver-utils@1.3.0", + "Name": "archiver-utils", + "Identifier": { + "PURL": "pkg:npm/archiver-utils@1.3.0", + "UID": "6c8fba2e5732295b" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver-utils/package.json" + }, + { + "ID": "are-we-there-yet@1.1.7", + "Name": "are-we-there-yet", + "Identifier": { + "PURL": "pkg:npm/are-we-there-yet@1.1.7", + "UID": "645bbfee2b92ae95" + }, + "Version": "1.1.7", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/are-we-there-yet/package.json" + }, + { + "ID": "are-we-there-yet@3.0.1", + "Name": "are-we-there-yet", + "Identifier": { + "PURL": "pkg:npm/are-we-there-yet@3.0.1", + "UID": "4a779db2b43e013b" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/are-we-there-yet/package.json" + }, + { + "ID": "arg@4.1.3", + "Name": "arg", + "Identifier": { + "PURL": "pkg:npm/arg@4.1.3", + "UID": "efafc15896b76cd5" + }, + "Version": "4.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/arg/package.json" + }, + { + "ID": "argparse@1.0.10", + "Name": "argparse", + "Identifier": { + "PURL": "pkg:npm/argparse@1.0.10", + "UID": "6d13a4f3ef1fe549" + }, + "Version": "1.0.10", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/argparse/package.json" + }, + { + "ID": "arr-diff@4.0.0", + "Name": "arr-diff", + "Identifier": { + "PURL": "pkg:npm/arr-diff@4.0.0", + "UID": "5e71a17f2c07c94a" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/arr-diff/package.json" + }, + { + "ID": "arr-flatten@1.1.0", + "Name": "arr-flatten", + "Identifier": { + "PURL": "pkg:npm/arr-flatten@1.1.0", + "UID": "122728d4c09de7b7" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/arr-flatten/package.json" + }, + { + "ID": "arr-union@3.1.0", + "Name": "arr-union", + "Identifier": { + "PURL": "pkg:npm/arr-union@3.1.0", + "UID": "1f51073b8eefe0a0" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/arr-union/package.json" + }, + { + "ID": "array-buffer-byte-length@1.0.2", + "Name": "array-buffer-byte-length", + "Identifier": { + "PURL": "pkg:npm/array-buffer-byte-length@1.0.2", + "UID": "c68b2174cf1c92f1" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/array-buffer-byte-length/package.json" + }, + { + "ID": "array-each@1.0.1", + "Name": "array-each", + "Identifier": { + "PURL": "pkg:npm/array-each@1.0.1", + "UID": "7e97d2725c5159b1" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/array-each/package.json" + }, + { + "ID": "array-flatten@1.1.1", + "Name": "array-flatten", + "Identifier": { + "PURL": "pkg:npm/array-flatten@1.1.1", + "UID": "f2376c3d4a428fa6" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/array-flatten/package.json" + }, + { + "ID": "array-slice@1.1.0", + "Name": "array-slice", + "Identifier": { + "PURL": "pkg:npm/array-slice@1.1.0", + "UID": "838962afe3856a06" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/array-slice/package.json" + }, + { + "ID": "array-unique@0.3.2", + "Name": "array-unique", + "Identifier": { + "PURL": "pkg:npm/array-unique@0.3.2", + "UID": "1a64d9dce877383d" + }, + "Version": "0.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/array-unique/package.json" + }, + { + "ID": "asap@2.0.6", + "Name": "asap", + "Identifier": { + "PURL": "pkg:npm/asap@2.0.6", + "UID": "a25a42d5dec7c5a" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/asap/package.json" + }, + { + "ID": "assert-never@1.4.0", + "Name": "assert-never", + "Identifier": { + "PURL": "pkg:npm/assert-never@1.4.0", + "UID": "d692906ea878dfd1" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/assert-never/package.json" + }, + { + "ID": "assign-symbols@1.0.0", + "Name": "assign-symbols", + "Identifier": { + "PURL": "pkg:npm/assign-symbols@1.0.0", + "UID": "f4581f665aab6079" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/assign-symbols/package.json" + }, + { + "ID": "async@2.6.4", + "Name": "async", + "Identifier": { + "PURL": "pkg:npm/async@2.6.4", + "UID": "e88f2d499af9a922" + }, + "Version": "2.6.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver/node_modules/async/package.json" + }, + { + "ID": "async@2.6.4", + "Name": "async", + "Identifier": { + "PURL": "pkg:npm/async@2.6.4", + "UID": "d2faf4753df6d99e" + }, + "Version": "2.6.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/portscanner/node_modules/async/package.json" + }, + { + "ID": "async@3.2.6", + "Name": "async", + "Identifier": { + "PURL": "pkg:npm/async@3.2.6", + "UID": "31219a6e739ac2a3" + }, + "Version": "3.2.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/async/package.json" + }, + { + "ID": "at-least-node@1.0.0", + "Name": "at-least-node", + "Identifier": { + "PURL": "pkg:npm/at-least-node@1.0.0", + "UID": "cbd520fc452cbb9f" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/at-least-node/package.json" + }, + { + "ID": "atob@2.1.2", + "Name": "atob", + "Identifier": { + "PURL": "pkg:npm/atob@2.1.2", + "UID": "ad8ce8fdb6024371" + }, + "Version": "2.1.2", + "Licenses": [ + "(MIT OR Apache-2.0)" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/atob/package.json" + }, + { + "ID": "available-typed-arrays@1.0.7", + "Name": "available-typed-arrays", + "Identifier": { + "PURL": "pkg:npm/available-typed-arrays@1.0.7", + "UID": "57a58d587eee361f" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/available-typed-arrays/package.json" + }, + { + "ID": "babel-walk@3.0.0-canary-5", + "Name": "babel-walk", + "Identifier": { + "PURL": "pkg:npm/babel-walk@3.0.0-canary-5", + "UID": "abf7ad687675ac08" + }, + "Version": "3.0.0-canary-5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/babel-walk/package.json" + }, + { + "ID": "balanced-match@1.0.2", + "Name": "balanced-match", + "Identifier": { + "PURL": "pkg:npm/balanced-match@1.0.2", + "UID": "9b5633208b6b5395" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/balanced-match/package.json" + }, + { + "ID": "base@0.11.2", + "Name": "base", + "Identifier": { + "PURL": "pkg:npm/base@0.11.2", + "UID": "7da4ac028adc7927" + }, + "Version": "0.11.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/base/package.json" + }, + { + "ID": "base64-arraybuffer@0.1.4", + "Name": "base64-arraybuffer", + "Identifier": { + "PURL": "pkg:npm/base64-arraybuffer@0.1.4", + "UID": "7682226bbb9bd6f0" + }, + "Version": "0.1.4", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/base64-arraybuffer/package.json" + }, + { + "ID": "base64-js@0.0.8", + "Name": "base64-js", + "Identifier": { + "PURL": "pkg:npm/base64-js@0.0.8", + "UID": "481d2c012e91b420" + }, + "Version": "0.0.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/linebreak/node_modules/base64-js/package.json" + }, + { + "ID": "base64-js@1.5.1", + "Name": "base64-js", + "Identifier": { + "PURL": "pkg:npm/base64-js@1.5.1", + "UID": "97501e339feefbfc" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/base64-js/package.json" + }, + { + "ID": "base64id@2.0.0", + "Name": "base64id", + "Identifier": { + "PURL": "pkg:npm/base64id@2.0.0", + "UID": "193572ef739e540f" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/base64id/package.json" + }, + { + "ID": "base64url@0.0.6", + "Name": "base64url", + "Identifier": { + "PURL": "pkg:npm/base64url@0.0.6", + "UID": "37b2d3176f8fdba9" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/base64url/package.json" + }, + { + "ID": "basic-auth@2.0.1", + "Name": "basic-auth", + "Identifier": { + "PURL": "pkg:npm/basic-auth@2.0.1", + "UID": "17b2818e419ecb58" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/morgan/node_modules/basic-auth/package.json" + }, + { + "ID": "batch@0.6.1", + "Name": "batch", + "Identifier": { + "PURL": "pkg:npm/batch@0.6.1", + "UID": "325f5c5fc0864a32" + }, + "Version": "0.6.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/batch/package.json" + }, + { + "ID": "beep-boop@1.2.3", + "Name": "beep-boop", + "Identifier": { + "PURL": "pkg:npm/beep-boop@1.2.3", + "UID": "f802d5952bdd2e16" + }, + "Version": "1.2.3", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/github-from-package/example/package.json" + }, + { + "ID": "big-integer@1.6.52", + "Name": "big-integer", + "Identifier": { + "PURL": "pkg:npm/big-integer@1.6.52", + "UID": "2bb8d29df2040e76" + }, + "Version": "1.6.52", + "Licenses": [ + "Unlicense" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/big-integer/package.json" + }, + { + "ID": "binary@0.3.0", + "Name": "binary", + "Identifier": { + "PURL": "pkg:npm/binary@0.3.0", + "UID": "8b23397f6193bfcb" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/binary/package.json" + }, + { + "ID": "binary-extensions@2.3.0", + "Name": "binary-extensions", + "Identifier": { + "PURL": "pkg:npm/binary-extensions@2.3.0", + "UID": "f0479b73e9123f0d" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/binary-extensions/package.json" + }, + { + "ID": "bindings@1.5.0", + "Name": "bindings", + "Identifier": { + "PURL": "pkg:npm/bindings@1.5.0", + "UID": "4ad9461693e8aea0" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bindings/package.json" + }, + { + "ID": "bintrees@1.0.2", + "Name": "bintrees", + "Identifier": { + "PURL": "pkg:npm/bintrees@1.0.2", + "UID": "8b42af04d8d291e" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bintrees/package.json" + }, + { + "ID": "bl@1.2.3", + "Name": "bl", + "Identifier": { + "PURL": "pkg:npm/bl@1.2.3", + "UID": "583f2cd30a6d6302" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bl/package.json" + }, + { + "ID": "bl@4.1.0", + "Name": "bl", + "Identifier": { + "PURL": "pkg:npm/bl@4.1.0", + "UID": "cf95634d632fad78" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar-fs/node_modules/bl/package.json" + }, + { + "ID": "bluebird@3.4.7", + "Name": "bluebird", + "Identifier": { + "PURL": "pkg:npm/bluebird@3.4.7", + "UID": "ae112774e4abe482" + }, + "Version": "3.4.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unzipper/node_modules/bluebird/package.json" + }, + { + "ID": "bluebird@3.7.2", + "Name": "bluebird", + "Identifier": { + "PURL": "pkg:npm/bluebird@3.7.2", + "UID": "6e5ebe3b47b520c4" + }, + "Version": "3.7.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bluebird/package.json" + }, + { + "ID": "body-parser@1.20.3", + "Name": "body-parser", + "Identifier": { + "PURL": "pkg:npm/body-parser@1.20.3", + "UID": "5a19d6d3b7743c4" + }, + "Version": "1.20.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/body-parser/package.json" + }, + { + "ID": "bower-config@1.4.3", + "Name": "bower-config", + "Identifier": { + "PURL": "pkg:npm/bower-config@1.4.3", + "UID": "82d51125936f41b6" + }, + "Version": "1.4.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bower-config/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "847ff46e302711b1" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver-utils/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "64b6a90ed2b4d27c" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "815b4f68f510a30e" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-js/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "f52bfce47345c5d4" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fstream/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "6001ad4eafa43e3d" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "45219433664992f" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ignore-walk/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "424879d491a05acb" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "2cd485f1d1b7e903" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "e0c2dfff4837dffe" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rimraf/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "1c1bffc1a94afa87" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "e833ff13c899c999" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/node_modules/brace-expansion/package.json" + }, + { + "ID": "brace-expansion@2.0.2", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@2.0.2", + "UID": "5850c7fc3fe753fe" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/brace-expansion/package.json" + }, + { + "ID": "braces@2.3.2", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@2.3.2", + "UID": "a453a1accd8298fb" + }, + "Version": "2.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/braces/package.json" + }, + { + "ID": "braces@3.0.3", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@3.0.3", + "UID": "e561fc189d30368" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/node_modules/braces/package.json" + }, + { + "ID": "braces@3.0.3", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@3.0.3", + "UID": "4795ac50fca5d679" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/braces/package.json" + }, + { + "ID": "braces@3.0.3", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@3.0.3", + "UID": "c469793b83da42d" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/node_modules/braces/package.json" + }, + { + "ID": "brotli@1.3.3", + "Name": "brotli", + "Identifier": { + "PURL": "pkg:npm/brotli@1.3.3", + "UID": "b5b4e5a8ef510615" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/brotli/package.json" + }, + { + "ID": "buffer@5.7.1", + "Name": "buffer", + "Identifier": { + "PURL": "pkg:npm/buffer@5.7.1", + "UID": "6f0392f4625132dc" + }, + "Version": "5.7.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer/package.json" + }, + { + "ID": "buffer@6.0.3", + "Name": "buffer", + "Identifier": { + "PURL": "pkg:npm/buffer@6.0.3", + "UID": "ff115dae073e3218" + }, + "Version": "6.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-web-to-node-stream/node_modules/buffer/package.json" + }, + { + "ID": "buffer-alloc@1.2.0", + "Name": "buffer-alloc", + "Identifier": { + "PURL": "pkg:npm/buffer-alloc@1.2.0", + "UID": "d58dd5009c3df21" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer-alloc/package.json" + }, + { + "ID": "buffer-alloc-unsafe@1.1.0", + "Name": "buffer-alloc-unsafe", + "Identifier": { + "PURL": "pkg:npm/buffer-alloc-unsafe@1.1.0", + "UID": "3390856ded9e43ad" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer-alloc-unsafe/package.json" + }, + { + "ID": "buffer-crc32@0.2.13", + "Name": "buffer-crc32", + "Identifier": { + "PURL": "pkg:npm/buffer-crc32@0.2.13", + "UID": "3b8b4138596fb638" + }, + "Version": "0.2.13", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer-crc32/package.json" + }, + { + "ID": "buffer-fill@1.0.0", + "Name": "buffer-fill", + "Identifier": { + "PURL": "pkg:npm/buffer-fill@1.0.0", + "UID": "cbf9b4546ca06af2" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer-fill/package.json" + }, + { + "ID": "buffer-from@1.1.2", + "Name": "buffer-from", + "Identifier": { + "PURL": "pkg:npm/buffer-from@1.1.2", + "UID": "f12723f0a91bee91" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer-from/package.json" + }, + { + "ID": "buffer-indexof-polyfill@1.0.2", + "Name": "buffer-indexof-polyfill", + "Identifier": { + "PURL": "pkg:npm/buffer-indexof-polyfill@1.0.2", + "UID": "215c957f6c29bc0" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffer-indexof-polyfill/package.json" + }, + { + "ID": "buffers@0.1.1", + "Name": "buffers", + "Identifier": { + "PURL": "pkg:npm/buffers@0.1.1", + "UID": "9b21a343f106e44e" + }, + "Version": "0.1.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/buffers/package.json" + }, + { + "ID": "busboy@1.6.0", + "Name": "busboy", + "Identifier": { + "PURL": "pkg:npm/busboy@1.6.0", + "UID": "4ad25e7b667e8132" + }, + "Version": "1.6.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/busboy/package.json" + }, + { + "ID": "byline@4.2.2", + "Name": "byline", + "Identifier": { + "PURL": "pkg:npm/byline@4.2.2", + "UID": "3fb3dd965e6d9db1" + }, + "Version": "4.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/byline/package.json" + }, + { + "ID": "bytes@3.1.2", + "Name": "bytes", + "Identifier": { + "PURL": "pkg:npm/bytes@3.1.2", + "UID": "66e7d567808bc082" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bytes/package.json" + }, + { + "ID": "cacache@15.3.0", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@15.3.0", + "UID": "52cdab2604110436" + }, + "Version": "15.3.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/cacache/package.json" + }, + { + "ID": "cacache@19.0.1", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@19.0.1", + "UID": "1ec39e49f7c5e13e" + }, + "Version": "19.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacache/package.json" + }, + { + "ID": "cache-base@1.0.1", + "Name": "cache-base", + "Identifier": { + "PURL": "pkg:npm/cache-base@1.0.1", + "UID": "a6b743b105fdb54e" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cache-base/package.json" + }, + { + "ID": "cacheable-request@2.1.4", + "Name": "cacheable-request", + "Identifier": { + "PURL": "pkg:npm/cacheable-request@2.1.4", + "UID": "72ede3056f5ba91d" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacheable-request/package.json" + }, + { + "ID": "call-bind@1.0.8", + "Name": "call-bind", + "Identifier": { + "PURL": "pkg:npm/call-bind@1.0.8", + "UID": "18764e72f0f3a3f5" + }, + "Version": "1.0.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/call-bind/package.json" + }, + { + "ID": "call-bind-apply-helpers@1.0.2", + "Name": "call-bind-apply-helpers", + "Identifier": { + "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2", + "UID": "becf35559d45f211" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/call-bind-apply-helpers/package.json" + }, + { + "ID": "call-bound@1.0.4", + "Name": "call-bound", + "Identifier": { + "PURL": "pkg:npm/call-bound@1.0.4", + "UID": "c861433804276160" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/call-bound/package.json" + }, + { + "ID": "camelcase@5.3.1", + "Name": "camelcase", + "Identifier": { + "PURL": "pkg:npm/camelcase@5.3.1", + "UID": "598c0e39b7c957c5" + }, + "Version": "5.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/camelcase/package.json" + }, + { + "ID": "chainsaw@0.1.0", + "Name": "chainsaw", + "Identifier": { + "PURL": "pkg:npm/chainsaw@0.1.0", + "UID": "551b09ad918f52ef" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT/X11" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chainsaw/package.json" + }, + { + "ID": "chalk@1.1.3", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@1.1.3", + "UID": "b196a1559639a22f" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/node_modules/chalk/package.json" + }, + { + "ID": "chalk@2.4.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@2.4.2", + "UID": "337b57586e8f14dc" + }, + "Version": "2.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chalk/package.json" + }, + { + "ID": "chalk@4.1.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@4.1.2", + "UID": "f3569bca1a895fd5" + }, + "Version": "4.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/node_modules/chalk/package.json" + }, + { + "ID": "character-parser@2.2.0", + "Name": "character-parser", + "Identifier": { + "PURL": "pkg:npm/character-parser@2.2.0", + "UID": "d89f781ec5d38eb3" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/character-parser/package.json" + }, + { + "ID": "check-dependencies@1.1.1", + "Name": "check-dependencies", + "Identifier": { + "PURL": "pkg:npm/check-dependencies@1.1.1", + "UID": "5c18629e96e4a925" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/check-dependencies/package.json" + }, + { + "ID": "check-internet-connected@2.0.6", + "Name": "check-internet-connected", + "Identifier": { + "PURL": "pkg:npm/check-internet-connected@2.0.6", + "UID": "b2cf32366a33841f" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/check-internet-connected/package.json" + }, + { + "ID": "check-types@6.0.0", + "Name": "check-types", + "Identifier": { + "PURL": "pkg:npm/check-types@6.0.0", + "UID": "24dd90d9ff557262" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/check-types/package.json" + }, + { + "ID": "chokidar@3.5.1", + "Name": "chokidar", + "Identifier": { + "PURL": "pkg:npm/chokidar@3.5.1", + "UID": "3134bd139c124a78" + }, + "Version": "3.5.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/package.json" + }, + { + "ID": "chownr@1.1.4", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@1.1.4", + "UID": "446f4d32413c9ab4" + }, + "Version": "1.1.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/chownr/package.json" + }, + { + "ID": "chownr@1.1.4", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@1.1.4", + "UID": "f7ab1fb945e8e422" + }, + "Version": "1.1.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar-fs/node_modules/chownr/package.json" + }, + { + "ID": "chownr@2.0.0", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@2.0.0", + "UID": "a3d236fe647b712b" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/chownr/package.json" + }, + { + "ID": "chownr@3.0.0", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@3.0.0", + "UID": "e747fd3ed1a315d6" + }, + "Version": "3.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chownr/package.json" + }, + { + "ID": "clarinet@0.12.6", + "Name": "clarinet", + "Identifier": { + "PURL": "pkg:npm/clarinet@0.12.6", + "UID": "37f3cdd33d82308f" + }, + "Version": "0.12.6", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/clarinet/package.json" + }, + { + "ID": "class-utils@0.3.6", + "Name": "class-utils", + "Identifier": { + "PURL": "pkg:npm/class-utils@0.3.6", + "UID": "a21effbcb0501143" + }, + "Version": "0.3.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/class-utils/package.json" + }, + { + "ID": "clean-stack@2.2.0", + "Name": "clean-stack", + "Identifier": { + "PURL": "pkg:npm/clean-stack@2.2.0", + "UID": "9572040ab1714e1f" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/clean-stack/package.json" + }, + { + "ID": "cliui@6.0.0", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@6.0.0", + "UID": "880841687e10cde3" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/cliui/package.json" + }, + { + "ID": "clone@2.1.2", + "Name": "clone", + "Identifier": { + "PURL": "pkg:npm/clone@2.1.2", + "UID": "bb2ebfef9a57cdb5" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/clone/package.json" + }, + { + "ID": "clone-response@1.0.2", + "Name": "clone-response", + "Identifier": { + "PURL": "pkg:npm/clone-response@1.0.2", + "UID": "4dcd20d6ed95efb8" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/clone-response/package.json" + }, + { + "ID": "code-point-at@1.1.0", + "Name": "code-point-at", + "Identifier": { + "PURL": "pkg:npm/code-point-at@1.1.0", + "UID": "1bfbd0adb878e697" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/code-point-at/package.json" + }, + { + "ID": "collection-visit@1.0.0", + "Name": "collection-visit", + "Identifier": { + "PURL": "pkg:npm/collection-visit@1.0.0", + "UID": "27e11920cbbf5066" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/collection-visit/package.json" + }, + { + "ID": "color@3.2.1", + "Name": "color", + "Identifier": { + "PURL": "pkg:npm/color@3.2.1", + "UID": "d992345cf84d7e99" + }, + "Version": "3.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/color/package.json" + }, + { + "ID": "color-convert@1.9.3", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@1.9.3", + "UID": "9a385bff1082eed6" + }, + "Version": "1.9.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/color-convert/package.json" + }, + { + "ID": "color-convert@2.0.1", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@2.0.1", + "UID": "1027dd6a1bba0cd7" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/node_modules/color-convert/package.json" + }, + { + "ID": "color-convert@2.0.1", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@2.0.1", + "UID": "e4b3b0779c1dad52" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/color-convert/package.json" + }, + { + "ID": "color-convert@2.0.1", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@2.0.1", + "UID": "365608999eda0001" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi-cjs/node_modules/color-convert/package.json" + }, + { + "ID": "color-name@1.1.3", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.3", + "UID": "f03f587fd4814ae1" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/color-name/package.json" + }, + { + "ID": "color-name@1.1.4", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.4", + "UID": "8e84e854c14c0633" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/node_modules/color-name/package.json" + }, + { + "ID": "color-name@1.1.4", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.4", + "UID": "c922f472574713d9" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/color-name/package.json" + }, + { + "ID": "color-name@1.1.4", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.4", + "UID": "637ed073e787878d" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi-cjs/node_modules/color-name/package.json" + }, + { + "ID": "color-string@1.9.1", + "Name": "color-string", + "Identifier": { + "PURL": "pkg:npm/color-string@1.9.1", + "UID": "8cbc331162b1d33d" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/color-string/package.json" + }, + { + "ID": "color-support@1.1.3", + "Name": "color-support", + "Identifier": { + "PURL": "pkg:npm/color-support@1.1.3", + "UID": "8c94c63764d75679" + }, + "Version": "1.1.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/color-support/package.json" + }, + { + "ID": "colors@1.1.2", + "Name": "colors", + "Identifier": { + "PURL": "pkg:npm/colors@1.1.2", + "UID": "fdc85d25e61bfade" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log/node_modules/colors/package.json" + }, + { + "ID": "colors@1.4.0", + "Name": "colors", + "Identifier": { + "PURL": "pkg:npm/colors@1.4.0", + "UID": "48668c160e0e0592" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/colors/package.json" + }, + { + "ID": "colorspace@1.1.4", + "Name": "colorspace", + "Identifier": { + "PURL": "pkg:npm/colorspace@1.1.4", + "UID": "220a102eff8673e6" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/colorspace/package.json" + }, + { + "ID": "commander@2.20.3", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@2.20.3", + "UID": "b324eef4a160af82" + }, + "Version": "2.20.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/seek-bzip/node_modules/commander/package.json" + }, + { + "ID": "commander@2.20.3", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@2.20.3", + "UID": "c0024a1b798bb41f" + }, + "Version": "2.20.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/yaml-schema-validator/node_modules/commander/package.json" + }, + { + "ID": "component-emitter@1.3.1", + "Name": "component-emitter", + "Identifier": { + "PURL": "pkg:npm/component-emitter@1.3.1", + "UID": "66b4048d4bf9465a" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/component-emitter/package.json" + }, + { + "ID": "component-type@1.2.1", + "Name": "component-type", + "Identifier": { + "PURL": "pkg:npm/component-type@1.2.1", + "UID": "f4f4e391c7c8fff1" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/component-type/package.json" + }, + { + "ID": "compress-commons@1.2.2", + "Name": "compress-commons", + "Identifier": { + "PURL": "pkg:npm/compress-commons@1.2.2", + "UID": "7f0a6dd411ce7b78" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/compress-commons/package.json" + }, + { + "ID": "compressible@2.0.18", + "Name": "compressible", + "Identifier": { + "PURL": "pkg:npm/compressible@2.0.18", + "UID": "48e12337bc23bc2e" + }, + "Version": "2.0.18", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/compressible/package.json" + }, + { + "ID": "compression@1.8.1", + "Name": "compression", + "Identifier": { + "PURL": "pkg:npm/compression@1.8.1", + "UID": "f961f1ba0564e8b5" + }, + "Version": "1.8.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/compression/package.json" + }, + { + "ID": "concat-map@0.0.1", + "Name": "concat-map", + "Identifier": { + "PURL": "pkg:npm/concat-map@0.0.1", + "UID": "2659532b59f61943" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/concat-map/package.json" + }, + { + "ID": "concat-stream@1.6.2", + "Name": "concat-stream", + "Identifier": { + "PURL": "pkg:npm/concat-stream@1.6.2", + "UID": "e19d83323ce9187c" + }, + "Version": "1.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/concat-stream/package.json" + }, + { + "ID": "config@3.3.12", + "Name": "config", + "Identifier": { + "PURL": "pkg:npm/config@3.3.12", + "UID": "7f95dd2d69bca92b" + }, + "Version": "3.3.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/config/package.json" + }, + { + "ID": "console-control-strings@1.1.0", + "Name": "console-control-strings", + "Identifier": { + "PURL": "pkg:npm/console-control-strings@1.1.0", + "UID": "dd4f2deacdec24f7" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/console-control-strings/package.json" + }, + { + "ID": "constantinople@4.0.1", + "Name": "constantinople", + "Identifier": { + "PURL": "pkg:npm/constantinople@4.0.1", + "UID": "e84143f42c9aa46" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/constantinople/package.json" + }, + { + "ID": "content-disposition@0.5.4", + "Name": "content-disposition", + "Identifier": { + "PURL": "pkg:npm/content-disposition@0.5.4", + "UID": "c3e0d1f5e76c7185" + }, + "Version": "0.5.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/content-disposition/package.json" + }, + { + "ID": "content-type@1.0.5", + "Name": "content-type", + "Identifier": { + "PURL": "pkg:npm/content-type@1.0.5", + "UID": "7ca706c9a999fd2b" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/content-type/package.json" + }, + { + "ID": "cookie@0.4.2", + "Name": "cookie", + "Identifier": { + "PURL": "pkg:npm/cookie@0.4.2", + "UID": "9de3a0e52eea0952" + }, + "Version": "0.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/engine.io/node_modules/cookie/package.json" + }, + { + "ID": "cookie@0.7.1", + "Name": "cookie", + "Identifier": { + "PURL": "pkg:npm/cookie@0.7.1", + "UID": "7f8517b3fd81de4a" + }, + "Version": "0.7.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express/node_modules/cookie/package.json" + }, + { + "ID": "cookie@0.7.2", + "Name": "cookie", + "Identifier": { + "PURL": "pkg:npm/cookie@0.7.2", + "UID": "149af8464a56aa38" + }, + "Version": "0.7.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cookie/package.json" + }, + { + "ID": "cookie-parser@1.4.7", + "Name": "cookie-parser", + "Identifier": { + "PURL": "pkg:npm/cookie-parser@1.4.7", + "UID": "53d9d74411c1bcd9" + }, + "Version": "1.4.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cookie-parser/package.json" + }, + { + "ID": "cookie-signature@1.0.6", + "Name": "cookie-signature", + "Identifier": { + "PURL": "pkg:npm/cookie-signature@1.0.6", + "UID": "7db1b8267b3b124c" + }, + "Version": "1.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cookie-signature/package.json" + }, + { + "ID": "copy-descriptor@0.1.1", + "Name": "copy-descriptor", + "Identifier": { + "PURL": "pkg:npm/copy-descriptor@0.1.1", + "UID": "35a1a8f7a2047725" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/copy-descriptor/package.json" + }, + { + "ID": "core-util-is@1.0.2", + "Name": "core-util-is", + "Identifier": { + "PURL": "pkg:npm/core-util-is@1.0.2", + "UID": "89ca21655a733e43" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/core-util-is/package.json" + }, + { + "ID": "cors@2.8.5", + "Name": "cors", + "Identifier": { + "PURL": "pkg:npm/cors@2.8.5", + "UID": "3be23d2ede0a4bfa" + }, + "Version": "2.8.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cors/package.json" + }, + { + "ID": "crc@3.8.0", + "Name": "crc", + "Identifier": { + "PURL": "pkg:npm/crc@3.8.0", + "UID": "38b99d33888ecedc" + }, + "Version": "3.8.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/crc/package.json" + }, + { + "ID": "crc-32@1.2.2", + "Name": "crc-32", + "Identifier": { + "PURL": "pkg:npm/crc-32@1.2.2", + "UID": "910a12445a009579" + }, + "Version": "1.2.2", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/crc-32/package.json" + }, + { + "ID": "crc32-stream@2.0.0", + "Name": "crc32-stream", + "Identifier": { + "PURL": "pkg:npm/crc32-stream@2.0.0", + "UID": "1cc77dac6489b3c6" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/crc32-stream/package.json" + }, + { + "ID": "create-require@1.1.1", + "Name": "create-require", + "Identifier": { + "PURL": "pkg:npm/create-require@1.1.1", + "UID": "26310be172281f0e" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/create-require/package.json" + }, + { + "ID": "cross-fetch@4.1.0", + "Name": "cross-fetch", + "Identifier": { + "PURL": "pkg:npm/cross-fetch@4.1.0", + "UID": "469c6e29a5afca4e" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cross-fetch/package.json" + }, + { + "ID": "cross-fetch-polyfill@0.0.0", + "Name": "cross-fetch-polyfill", + "Identifier": { + "PURL": "pkg:npm/cross-fetch-polyfill@0.0.0", + "UID": "9c22d4b8b858ff48" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cross-fetch/polyfill/package.json" + }, + { + "ID": "cross-spawn@7.0.6", + "Name": "cross-spawn", + "Identifier": { + "PURL": "pkg:npm/cross-spawn@7.0.6", + "UID": "7d46ccbe111d357f" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cross-spawn/package.json" + }, + { + "ID": "crypto-js@3.3.0", + "Name": "crypto-js", + "Identifier": { + "PURL": "pkg:npm/crypto-js@3.3.0", + "UID": "968c6884db7b658" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/crypto-js/package.json" + }, + { + "ID": "dateformat@4.6.3", + "Name": "dateformat", + "Identifier": { + "PURL": "pkg:npm/dateformat@4.6.3", + "UID": "5089ead392946d0a" + }, + "Version": "4.6.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/dateformat/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "1b1a94dc989faf79" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/body-parser/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "2953bf073b89117" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/compression/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "15f76b24ffe498fc" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "30372bea7a4be13c" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "e53e500561212b60" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/finalhandler/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "51990d1abc7a8812" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/morgan/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "73f7b701f90de360" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/send/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "11af6516ea632464" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/debug/package.json" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "21dbdcec11c31cca" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/debug/package.json" + }, + { + "ID": "debug@3.2.7", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@3.2.7", + "UID": "976d9da346fb8df3" + }, + "Version": "3.2.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/needle/node_modules/debug/package.json" + }, + { + "ID": "debug@4.3.7", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@4.3.7", + "UID": "f2696202a72e98e" + }, + "Version": "4.3.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/debug/package.json" + }, + { + "ID": "decamelize@1.2.0", + "Name": "decamelize", + "Identifier": { + "PURL": "pkg:npm/decamelize@1.2.0", + "UID": "4feffa41f082fb98" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decamelize/package.json" + }, + { + "ID": "decode-uri-component@0.2.2", + "Name": "decode-uri-component", + "Identifier": { + "PURL": "pkg:npm/decode-uri-component@0.2.2", + "UID": "3cb20e0cccaa236d" + }, + "Version": "0.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decode-uri-component/package.json" + }, + { + "ID": "decompress@4.2.1", + "Name": "decompress", + "Identifier": { + "PURL": "pkg:npm/decompress@4.2.1", + "UID": "d6842d059ae9106d" + }, + "Version": "4.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress/package.json" + }, + { + "ID": "decompress-response@3.3.0", + "Name": "decompress-response", + "Identifier": { + "PURL": "pkg:npm/decompress-response@3.3.0", + "UID": "32ba918596881873" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-response/package.json" + }, + { + "ID": "decompress-response@4.2.1", + "Name": "decompress-response", + "Identifier": { + "PURL": "pkg:npm/decompress-response@4.2.1", + "UID": "823253e6701183" + }, + "Version": "4.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/simple-get/node_modules/decompress-response/package.json" + }, + { + "ID": "decompress-response@6.0.0", + "Name": "decompress-response", + "Identifier": { + "PURL": "pkg:npm/decompress-response@6.0.0", + "UID": "46a60f85e12173ee" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/decompress-response/package.json" + }, + { + "ID": "decompress-response@6.0.0", + "Name": "decompress-response", + "Identifier": { + "PURL": "pkg:npm/decompress-response@6.0.0", + "UID": "e92154e06c9b6e28" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/decompress-response/package.json" + }, + { + "ID": "decompress-tar@4.1.1", + "Name": "decompress-tar", + "Identifier": { + "PURL": "pkg:npm/decompress-tar@4.1.1", + "UID": "826752d87435d115" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-tar/package.json" + }, + { + "ID": "decompress-tarbz2@4.1.1", + "Name": "decompress-tarbz2", + "Identifier": { + "PURL": "pkg:npm/decompress-tarbz2@4.1.1", + "UID": "36d48beec674bb05" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-tarbz2/package.json" + }, + { + "ID": "decompress-targz@4.1.1", + "Name": "decompress-targz", + "Identifier": { + "PURL": "pkg:npm/decompress-targz@4.1.1", + "UID": "33a4906265a3609c" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-targz/package.json" + }, + { + "ID": "decompress-unzip@4.0.1", + "Name": "decompress-unzip", + "Identifier": { + "PURL": "pkg:npm/decompress-unzip@4.0.1", + "UID": "37e54cf098845d34" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-unzip/package.json" + }, + { + "ID": "deep-equal@2.2.3", + "Name": "deep-equal", + "Identifier": { + "PURL": "pkg:npm/deep-equal@2.2.3", + "UID": "bbbefb43ee3f25d4" + }, + "Version": "2.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/deep-equal/package.json" + }, + { + "ID": "deep-extend@0.6.0", + "Name": "deep-extend", + "Identifier": { + "PURL": "pkg:npm/deep-extend@0.6.0", + "UID": "9d551297c15ddb2c" + }, + "Version": "0.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/deep-extend/package.json" + }, + { + "ID": "define-data-property@1.1.4", + "Name": "define-data-property", + "Identifier": { + "PURL": "pkg:npm/define-data-property@1.1.4", + "UID": "8cbb3b509a53fdfc" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/define-data-property/package.json" + }, + { + "ID": "define-properties@1.2.1", + "Name": "define-properties", + "Identifier": { + "PURL": "pkg:npm/define-properties@1.2.1", + "UID": "c7a49dd124a20509" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/define-properties/package.json" + }, + { + "ID": "define-property@0.2.5", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@0.2.5", + "UID": "b2ffbcaf59e2a24d" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/class-utils/node_modules/define-property/package.json" + }, + { + "ID": "define-property@0.2.5", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@0.2.5", + "UID": "8bb6b11e51962fe7" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/node_modules/define-property/package.json" + }, + { + "ID": "define-property@0.2.5", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@0.2.5", + "UID": "7df9fc7d177e1874" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-copy/node_modules/define-property/package.json" + }, + { + "ID": "define-property@0.2.5", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@0.2.5", + "UID": "1c40be2936c7d426" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/define-property/package.json" + }, + { + "ID": "define-property@0.2.5", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@0.2.5", + "UID": "c9bcddfda936030e" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/static-extend/node_modules/define-property/package.json" + }, + { + "ID": "define-property@1.0.0", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@1.0.0", + "UID": "2af1f888dacf88d5" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/base/node_modules/define-property/package.json" + }, + { + "ID": "define-property@1.0.0", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@1.0.0", + "UID": "f407f7c6d7ca4393" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/extglob/node_modules/define-property/package.json" + }, + { + "ID": "define-property@1.0.0", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@1.0.0", + "UID": "476cf57e53e3bfc5" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon-node/node_modules/define-property/package.json" + }, + { + "ID": "define-property@2.0.2", + "Name": "define-property", + "Identifier": { + "PURL": "pkg:npm/define-property@2.0.2", + "UID": "5904659341c10a3" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/define-property/package.json" + }, + { + "ID": "delegates@1.0.0", + "Name": "delegates", + "Identifier": { + "PURL": "pkg:npm/delegates@1.0.0", + "UID": "4217f1829465ac15" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/delegates/package.json" + }, + { + "ID": "depd@1.1.2", + "Name": "depd", + "Identifier": { + "PURL": "pkg:npm/depd@1.1.2", + "UID": "5121f8ba76a8d3c4" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/depd/package.json" + }, + { + "ID": "depd@2.0.0", + "Name": "depd", + "Identifier": { + "PURL": "pkg:npm/depd@2.0.0", + "UID": "9c6fa31bc9d2d861" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/depd/package.json" + }, + { + "ID": "destroy@1.2.0", + "Name": "destroy", + "Identifier": { + "PURL": "pkg:npm/destroy@1.2.0", + "UID": "206c0f83069355e9" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/destroy/package.json" + }, + { + "ID": "detect-file@1.0.0", + "Name": "detect-file", + "Identifier": { + "PURL": "pkg:npm/detect-file@1.0.0", + "UID": "bb87744de4f41624" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/detect-file/package.json" + }, + { + "ID": "detect-libc@1.0.3", + "Name": "detect-libc", + "Identifier": { + "PURL": "pkg:npm/detect-libc@1.0.3", + "UID": "ae9af3136b819c8c" + }, + "Version": "1.0.3", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/detect-libc/package.json" + }, + { + "ID": "detect-libc@2.0.4", + "Name": "detect-libc", + "Identifier": { + "PURL": "pkg:npm/detect-libc@2.0.4", + "UID": "e086aed791ed1bf6" + }, + "Version": "2.0.4", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/detect-libc/package.json" + }, + { + "ID": "detect-libc@2.0.4", + "Name": "detect-libc", + "Identifier": { + "PURL": "pkg:npm/detect-libc@2.0.4", + "UID": "25113d73a4e9bd5c" + }, + "Version": "2.0.4", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/detect-libc/package.json" + }, + { + "ID": "dfa@1.2.0", + "Name": "dfa", + "Identifier": { + "PURL": "pkg:npm/dfa@1.2.0", + "UID": "a317c6ad251b2c88" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/dfa/package.json" + }, + { + "ID": "diff@4.0.2", + "Name": "diff", + "Identifier": { + "PURL": "pkg:npm/diff@4.0.2", + "UID": "9a30678b6c17e7a0" + }, + "Version": "4.0.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/node_modules/diff/package.json" + }, + { + "ID": "doctypes@1.1.0", + "Name": "doctypes", + "Identifier": { + "PURL": "pkg:npm/doctypes@1.1.0", + "UID": "91cf97f14488f8a2" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/doctypes/package.json" + }, + { + "ID": "domelementtype@1.3.1", + "Name": "domelementtype", + "Identifier": { + "PURL": "pkg:npm/domelementtype@1.3.1", + "UID": "98a2e7cd73ca0daf" + }, + "Version": "1.3.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/domelementtype/package.json" + }, + { + "ID": "domhandler@2.1.0", + "Name": "domhandler", + "Identifier": { + "PURL": "pkg:npm/domhandler@2.1.0", + "UID": "7fb4a45dffbc4400" + }, + "Version": "2.1.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/domhandler/package.json" + }, + { + "ID": "domutils@1.1.6", + "Name": "domutils", + "Identifier": { + "PURL": "pkg:npm/domutils@1.1.6", + "UID": "18dd8a2163bfad5f" + }, + "Version": "1.1.6", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/domutils/package.json" + }, + { + "ID": "dottie@2.0.6", + "Name": "dottie", + "Identifier": { + "PURL": "pkg:npm/dottie@2.0.6", + "UID": "466d20b671aa6c46" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/dottie/package.json" + }, + { + "ID": "double-ended-queue@0.9.7", + "Name": "double-ended-queue", + "Identifier": { + "PURL": "pkg:npm/double-ended-queue@0.9.7", + "UID": "bbf6b101fc9d3c2c" + }, + "Version": "0.9.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/double-ended-queue/package.json" + }, + { + "ID": "download@8.0.0", + "Name": "download", + "Identifier": { + "PURL": "pkg:npm/download@8.0.0", + "UID": "891de985aaaed0c" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/download/package.json" + }, + { + "ID": "dunder-proto@1.0.1", + "Name": "dunder-proto", + "Identifier": { + "PURL": "pkg:npm/dunder-proto@1.0.1", + "UID": "437f960be3008e7c" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/dunder-proto/package.json" + }, + { + "ID": "duplexer2@0.1.4", + "Name": "duplexer2", + "Identifier": { + "PURL": "pkg:npm/duplexer2@0.1.4", + "UID": "e6ae183e022460f3" + }, + "Version": "0.1.4", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/duplexer2/package.json" + }, + { + "ID": "duplexer3@0.1.5", + "Name": "duplexer3", + "Identifier": { + "PURL": "pkg:npm/duplexer3@0.1.5", + "UID": "461128dd9e25a53e" + }, + "Version": "0.1.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/duplexer3/package.json" + }, + { + "ID": "dynamic-dedupe@0.3.0", + "Name": "dynamic-dedupe", + "Identifier": { + "PURL": "pkg:npm/dynamic-dedupe@0.3.0", + "UID": "84f358076c741069" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/dynamic-dedupe/package.json" + }, + { + "ID": "eastasianwidth@0.2.0", + "Name": "eastasianwidth", + "Identifier": { + "PURL": "pkg:npm/eastasianwidth@0.2.0", + "UID": "fafd77cbad4f8944" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/eastasianwidth/package.json" + }, + { + "ID": "ee-first@1.1.1", + "Name": "ee-first", + "Identifier": { + "PURL": "pkg:npm/ee-first@1.1.1", + "UID": "e8a39d3cc4ff76d8" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ee-first/package.json" + }, + { + "ID": "eivindfjeldstad-dot@0.0.1", + "Name": "eivindfjeldstad-dot", + "Identifier": { + "PURL": "pkg:npm/eivindfjeldstad-dot@0.0.1", + "UID": "36090df1edd09ef0" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/eivindfjeldstad-dot/package.json" + }, + { + "ID": "emoji-regex@8.0.0", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@8.0.0", + "UID": "c039bd6e8ec6b480" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/emoji-regex/package.json" + }, + { + "ID": "emoji-regex@9.2.2", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@9.2.2", + "UID": "b7c21cb291e37521" + }, + "Version": "9.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@isaacs/cliui/node_modules/emoji-regex/package.json" + }, + { + "ID": "emoji-regex@9.2.2", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@9.2.2", + "UID": "e62f6d22a3363f55" + }, + "Version": "9.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi/node_modules/emoji-regex/package.json" + }, + { + "ID": "enabled@2.0.0", + "Name": "enabled", + "Identifier": { + "PURL": "pkg:npm/enabled@2.0.0", + "UID": "670fd27b43f705fa" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/enabled/package.json" + }, + { + "ID": "encodeurl@1.0.2", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@1.0.2", + "UID": "defc84fa8febb8c6" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/send/node_modules/encodeurl/package.json" + }, + { + "ID": "encodeurl@2.0.0", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@2.0.0", + "UID": "b80b6f95efe63b5d" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/encodeurl/package.json" + }, + { + "ID": "encoding@0.1.13", + "Name": "encoding", + "Identifier": { + "PURL": "pkg:npm/encoding@0.1.13", + "UID": "a2c590559beed17e" + }, + "Version": "0.1.13", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/encoding/package.json" + }, + { + "ID": "end-of-stream@1.4.5", + "Name": "end-of-stream", + "Identifier": { + "PURL": "pkg:npm/end-of-stream@1.4.5", + "UID": "dbd87e29ad720726" + }, + "Version": "1.4.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/end-of-stream/package.json" + }, + { + "ID": "engine.io@4.1.2", + "Name": "engine.io", + "Identifier": { + "PURL": "pkg:npm/engine.io@4.1.2", + "UID": "140b9ddc3959168c" + }, + "Version": "4.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/engine.io/package.json" + }, + { + "ID": "engine.io-parser@4.0.3", + "Name": "engine.io-parser", + "Identifier": { + "PURL": "pkg:npm/engine.io-parser@4.0.3", + "UID": "8cc0d30a23765f54" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/engine.io-parser/package.json" + }, + { + "ID": "env-paths@2.2.1", + "Name": "env-paths", + "Identifier": { + "PURL": "pkg:npm/env-paths@2.2.1", + "UID": "1a327c9d92886542" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/env-paths/package.json" + }, + { + "ID": "err-code@1.1.2", + "Name": "err-code", + "Identifier": { + "PURL": "pkg:npm/err-code@1.1.2", + "UID": "3481bc9e3316f978" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/proper-lockfile/node_modules/err-code/package.json" + }, + { + "ID": "err-code@2.0.3", + "Name": "err-code", + "Identifier": { + "PURL": "pkg:npm/err-code@2.0.3", + "UID": "a1cfbea4f6175f70" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/err-code/package.json" + }, + { + "ID": "errorhandler@1.5.1", + "Name": "errorhandler", + "Identifier": { + "PURL": "pkg:npm/errorhandler@1.5.1", + "UID": "ebb0d084b31115d8" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/errorhandler/package.json" + }, + { + "ID": "es-define-property@1.0.1", + "Name": "es-define-property", + "Identifier": { + "PURL": "pkg:npm/es-define-property@1.0.1", + "UID": "aea9003e9f76f3bc" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/es-define-property/package.json" + }, + { + "ID": "es-errors@1.3.0", + "Name": "es-errors", + "Identifier": { + "PURL": "pkg:npm/es-errors@1.3.0", + "UID": "a2d5347cb7e8aa53" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/es-errors/package.json" + }, + { + "ID": "es-get-iterator@1.1.3", + "Name": "es-get-iterator", + "Identifier": { + "PURL": "pkg:npm/es-get-iterator@1.1.3", + "UID": "f02dbd971f3cfb9e" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/es-get-iterator/package.json" + }, + { + "ID": "es-object-atoms@1.1.1", + "Name": "es-object-atoms", + "Identifier": { + "PURL": "pkg:npm/es-object-atoms@1.1.1", + "UID": "6172fd54c0519804" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/es-object-atoms/package.json" + }, + { + "ID": "escape-html@1.0.3", + "Name": "escape-html", + "Identifier": { + "PURL": "pkg:npm/escape-html@1.0.3", + "UID": "84274cb9f84cf49f" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/escape-html/package.json" + }, + { + "ID": "escape-string-regexp@1.0.5", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@1.0.5", + "UID": "812685d790b67261" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/escape-string-regexp/package.json" + }, + { + "ID": "escodegen@2.1.0", + "Name": "escodegen", + "Identifier": { + "PURL": "pkg:npm/escodegen@2.1.0", + "UID": "de184cb3a96a56d" + }, + "Version": "2.1.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/escodegen/package.json" + }, + { + "ID": "esprima@1.0.4", + "Name": "esprima", + "Identifier": { + "PURL": "pkg:npm/esprima@1.0.4", + "UID": "cfdce56375ef63a0" + }, + "Version": "1.0.4", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/notevil/node_modules/esprima/package.json" + }, + { + "ID": "esprima@4.0.1", + "Name": "esprima", + "Identifier": { + "PURL": "pkg:npm/esprima@4.0.1", + "UID": "8c7ad9efea15fc25" + }, + "Version": "4.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/esprima/package.json" + }, + { + "ID": "estraverse@5.3.0", + "Name": "estraverse", + "Identifier": { + "PURL": "pkg:npm/estraverse@5.3.0", + "UID": "b1a3871034174b76" + }, + "Version": "5.3.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/estraverse/package.json" + }, + { + "ID": "esutils@2.0.3", + "Name": "esutils", + "Identifier": { + "PURL": "pkg:npm/esutils@2.0.3", + "UID": "8c158e19af7c373b" + }, + "Version": "2.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/esutils/package.json" + }, + { + "ID": "etag@1.8.1", + "Name": "etag", + "Identifier": { + "PURL": "pkg:npm/etag@1.8.1", + "UID": "26ccc7596e45fcbb" + }, + "Version": "1.8.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/etag/package.json" + }, + { + "ID": "ethereum-cryptography@2.2.1", + "Name": "ethereum-cryptography", + "Identifier": { + "PURL": "pkg:npm/ethereum-cryptography@2.2.1", + "UID": "382cb4cd36ff0e6b" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ethereum-cryptography/package.json" + }, + { + "ID": "ethers@6.15.0", + "Name": "ethers", + "Identifier": { + "PURL": "pkg:npm/ethers@6.15.0", + "UID": "7813f7330f2a1321" + }, + "Version": "6.15.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ethers/package.json" + }, + { + "ID": "event-target-shim@5.0.1", + "Name": "event-target-shim", + "Identifier": { + "PURL": "pkg:npm/event-target-shim@5.0.1", + "UID": "d65f6891c283d78a" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/event-target-shim/package.json" + }, + { + "ID": "eventemitter2@0.4.14", + "Name": "eventemitter2", + "Identifier": { + "PURL": "pkg:npm/eventemitter2@0.4.14", + "UID": "a2c747f121f0891a" + }, + "Version": "0.4.14", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/eventemitter2/package.json" + }, + { + "ID": "eventemitter3@1.1.1", + "Name": "eventemitter3", + "Identifier": { + "PURL": "pkg:npm/eventemitter3@1.1.1", + "UID": "ed64fa740243e77" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/marsdb/node_modules/eventemitter3/package.json" + }, + { + "ID": "eventemitter3@5.0.1", + "Name": "eventemitter3", + "Identifier": { + "PURL": "pkg:npm/eventemitter3@5.0.1", + "UID": "e965fe15e01d0f36" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-utils/node_modules/eventemitter3/package.json" + }, + { + "ID": "events@3.3.0", + "Name": "events", + "Identifier": { + "PURL": "pkg:npm/events@3.3.0", + "UID": "aac9fe2e6e95eead" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/events/package.json" + }, + { + "ID": "exit@0.1.2", + "Name": "exit", + "Identifier": { + "PURL": "pkg:npm/exit@0.1.2", + "UID": "e2b124f4a3048a42" + }, + "Version": "0.1.2", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/exit/package.json" + }, + { + "ID": "expand-brackets@2.1.4", + "Name": "expand-brackets", + "Identifier": { + "PURL": "pkg:npm/expand-brackets@2.1.4", + "UID": "129c5b2a75051b6b" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/package.json" + }, + { + "ID": "expand-template@2.0.3", + "Name": "expand-template", + "Identifier": { + "PURL": "pkg:npm/expand-template@2.0.3", + "UID": "9abc2dea5ca0233e" + }, + "Version": "2.0.3", + "Licenses": [ + "(MIT OR WTFPL)" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-template/package.json" + }, + { + "ID": "expand-tilde@2.0.2", + "Name": "expand-tilde", + "Identifier": { + "PURL": "pkg:npm/expand-tilde@2.0.2", + "UID": "b5ae1488c6cc6638" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-tilde/package.json" + }, + { + "ID": "exponential-backoff@3.1.2", + "Name": "exponential-backoff", + "Identifier": { + "PURL": "pkg:npm/exponential-backoff@3.1.2", + "UID": "6f9ac22826ef3fe8" + }, + "Version": "3.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/exponential-backoff/package.json" + }, + { + "ID": "express@4.21.2", + "Name": "express", + "Identifier": { + "PURL": "pkg:npm/express@4.21.2", + "UID": "aacb7fb5573683f2" + }, + "Version": "4.21.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express/package.json" + }, + { + "ID": "express-ipfilter@1.3.2", + "Name": "express-ipfilter", + "Identifier": { + "PURL": "pkg:npm/express-ipfilter@1.3.2", + "UID": "16e6a7ef45c51b12" + }, + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-ipfilter/package.json" + }, + { + "ID": "express-jwt@0.1.3", + "Name": "express-jwt", + "Identifier": { + "PURL": "pkg:npm/express-jwt@0.1.3", + "UID": "ff43a00952d1fea" + }, + "Version": "0.1.3", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-jwt/package.json" + }, + { + "ID": "express-rate-limit@7.5.1", + "Name": "express-rate-limit", + "Identifier": { + "PURL": "pkg:npm/express-rate-limit@7.5.1", + "UID": "94e55277876a3101" + }, + "Version": "7.5.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-rate-limit/package.json" + }, + { + "ID": "express-robots-txt@0.4.1", + "Name": "express-robots-txt", + "Identifier": { + "PURL": "pkg:npm/express-robots-txt@0.4.1", + "UID": "5ea1f6b1497bd3d6" + }, + "Version": "0.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-robots-txt/package.json" + }, + { + "ID": "express-security.txt@2.0.0", + "Name": "express-security.txt", + "Identifier": { + "PURL": "pkg:npm/express-security.txt@2.0.0", + "UID": "22f34bbb3fd71375" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-security.txt/package.json" + }, + { + "ID": "ext-list@2.2.2", + "Name": "ext-list", + "Identifier": { + "PURL": "pkg:npm/ext-list@2.2.2", + "UID": "5209da0bf8e7f070" + }, + "Version": "2.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ext-list/package.json" + }, + { + "ID": "ext-name@5.0.0", + "Name": "ext-name", + "Identifier": { + "PURL": "pkg:npm/ext-name@5.0.0", + "UID": "43870b50682cf4d6" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ext-name/package.json" + }, + { + "ID": "extend@3.0.2", + "Name": "extend", + "Identifier": { + "PURL": "pkg:npm/extend@3.0.2", + "UID": "7fb41d7500d51395" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/extend/package.json" + }, + { + "ID": "extend-shallow@2.0.1", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@2.0.1", + "UID": "f8d3c4b8b569019b" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/braces/node_modules/extend-shallow/package.json" + }, + { + "ID": "extend-shallow@2.0.1", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@2.0.1", + "UID": "6ff14752e0b8e919" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/node_modules/extend-shallow/package.json" + }, + { + "ID": "extend-shallow@2.0.1", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@2.0.1", + "UID": "5cd52afd0d385053" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/extglob/node_modules/extend-shallow/package.json" + }, + { + "ID": "extend-shallow@2.0.1", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@2.0.1", + "UID": "b5af82950676cd14" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fill-range/node_modules/extend-shallow/package.json" + }, + { + "ID": "extend-shallow@2.0.1", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@2.0.1", + "UID": "5c701a90f7f83b9d" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/set-value/node_modules/extend-shallow/package.json" + }, + { + "ID": "extend-shallow@2.0.1", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@2.0.1", + "UID": "14a2479989b46833" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/extend-shallow/package.json" + }, + { + "ID": "extend-shallow@3.0.2", + "Name": "extend-shallow", + "Identifier": { + "PURL": "pkg:npm/extend-shallow@3.0.2", + "UID": "f75ed308121f03f3" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/extend-shallow/package.json" + }, + { + "ID": "extglob@2.0.4", + "Name": "extglob", + "Identifier": { + "PURL": "pkg:npm/extglob@2.0.4", + "UID": "f111909520ce7630" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/extglob/package.json" + }, + { + "ID": "fast.js@0.1.1", + "Name": "fast.js", + "Identifier": { + "PURL": "pkg:npm/fast.js@0.1.1", + "UID": "98da9d2864f8caa3" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fast.js/package.json" + }, + { + "ID": "fd-slicer@1.1.0", + "Name": "fd-slicer", + "Identifier": { + "PURL": "pkg:npm/fd-slicer@1.1.0", + "UID": "69884d7e38c681c8" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fd-slicer/package.json" + }, + { + "ID": "fdir@6.5.0", + "Name": "fdir", + "Identifier": { + "PURL": "pkg:npm/fdir@6.5.0", + "UID": "b724087ceda809fa" + }, + "Version": "6.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tinyglobby/node_modules/fdir/package.json" + }, + { + "ID": "feature-policy@0.5.0", + "Name": "feature-policy", + "Identifier": { + "PURL": "pkg:npm/feature-policy@0.5.0", + "UID": "bf641aa489c223c7" + }, + "Version": "0.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/feature-policy/package.json" + }, + { + "ID": "fecha@4.2.3", + "Name": "fecha", + "Identifier": { + "PURL": "pkg:npm/fecha@4.2.3", + "UID": "82c7221b279ace9d" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fecha/package.json" + }, + { + "ID": "file-js@0.3.0", + "Name": "file-js", + "Identifier": { + "PURL": "pkg:npm/file-js@0.3.0", + "UID": "63ed9f1787ed3976" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-js/package.json" + }, + { + "ID": "file-stream-rotator@1.0.0", + "Name": "file-stream-rotator", + "Identifier": { + "PURL": "pkg:npm/file-stream-rotator@1.0.0", + "UID": "1738d874ba4facd7" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-stream-rotator/package.json" + }, + { + "ID": "file-type@11.1.0", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@11.1.0", + "UID": "a9e2248c2b60f5d7" + }, + "Version": "11.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/download/node_modules/file-type/package.json" + }, + { + "ID": "file-type@16.5.4", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@16.5.4", + "UID": "c36456cc041b1804" + }, + "Version": "16.5.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-type/package.json" + }, + { + "ID": "file-type@3.9.0", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@3.9.0", + "UID": "d878944bbda64ebe" + }, + "Version": "3.9.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-unzip/node_modules/file-type/package.json" + }, + { + "ID": "file-type@4.4.0", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@4.4.0", + "UID": "1f1a1b7c56efd6e5" + }, + "Version": "4.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archive-type/node_modules/file-type/package.json" + }, + { + "ID": "file-type@5.2.0", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@5.2.0", + "UID": "9635066bc8141692" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-tar/node_modules/file-type/package.json" + }, + { + "ID": "file-type@5.2.0", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@5.2.0", + "UID": "c6577cb7559876c2" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-targz/node_modules/file-type/package.json" + }, + { + "ID": "file-type@6.2.0", + "Name": "file-type", + "Identifier": { + "PURL": "pkg:npm/file-type@6.2.0", + "UID": "83823eea76f1825f" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-tarbz2/node_modules/file-type/package.json" + }, + { + "ID": "file-uri-to-path@1.0.0", + "Name": "file-uri-to-path", + "Identifier": { + "PURL": "pkg:npm/file-uri-to-path@1.0.0", + "UID": "90a0bd866ab7ae12" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-uri-to-path/package.json" + }, + { + "ID": "filehound@1.17.6", + "Name": "filehound", + "Identifier": { + "PURL": "pkg:npm/filehound@1.17.6", + "UID": "87c183ce46f736ef" + }, + "Version": "1.17.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filehound/package.json" + }, + { + "ID": "filename-reserved-regex@2.0.0", + "Name": "filename-reserved-regex", + "Identifier": { + "PURL": "pkg:npm/filename-reserved-regex@2.0.0", + "UID": "2094bd617f4126e9" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filename-reserved-regex/package.json" + }, + { + "ID": "filenamify@3.0.0", + "Name": "filenamify", + "Identifier": { + "PURL": "pkg:npm/filenamify@3.0.0", + "UID": "4ab4435231a34466" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filenamify/package.json" + }, + { + "ID": "filesniffer@1.0.3", + "Name": "filesniffer", + "Identifier": { + "PURL": "pkg:npm/filesniffer@1.0.3", + "UID": "6e1678d627d4fb9d" + }, + "Version": "1.0.3", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filesniffer/package.json" + }, + { + "ID": "fill-range@4.0.0", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@4.0.0", + "UID": "3a13597cf701e3ec" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fill-range/package.json" + }, + { + "ID": "fill-range@7.1.1", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@7.1.1", + "UID": "32b03d9e43d13102" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/node_modules/fill-range/package.json" + }, + { + "ID": "fill-range@7.1.1", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@7.1.1", + "UID": "6175d6928b24ac12" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/fill-range/package.json" + }, + { + "ID": "fill-range@7.1.1", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@7.1.1", + "UID": "15caa970805c8782" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/node_modules/fill-range/package.json" + }, + { + "ID": "finale-rest@1.2.2", + "Name": "finale-rest", + "Identifier": { + "PURL": "pkg:npm/finale-rest@1.2.2", + "UID": "1ad312564ed3742c" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/finale-rest/package.json" + }, + { + "ID": "finalhandler@1.3.1", + "Name": "finalhandler", + "Identifier": { + "PURL": "pkg:npm/finalhandler@1.3.1", + "UID": "8696518d910f70f7" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/finalhandler/package.json" + }, + { + "ID": "find-up@4.1.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@4.1.0", + "UID": "4788f9bd55017dcd" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/find-up/package.json" + }, + { + "ID": "findup-sync@2.0.0", + "Name": "findup-sync", + "Identifier": { + "PURL": "pkg:npm/findup-sync@2.0.0", + "UID": "2d64c1b5ed9d6891" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/findup-sync/package.json" + }, + { + "ID": "findup-sync@4.0.0", + "Name": "findup-sync", + "Identifier": { + "PURL": "pkg:npm/findup-sync@4.0.0", + "UID": "94fef9903e9ac342" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/node_modules/findup-sync/package.json" + }, + { + "ID": "findup-sync@5.0.0", + "Name": "findup-sync", + "Identifier": { + "PURL": "pkg:npm/findup-sync@5.0.0", + "UID": "b3d8edbcb6179f07" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/findup-sync/package.json" + }, + { + "ID": "fined@1.2.0", + "Name": "fined", + "Identifier": { + "PURL": "pkg:npm/fined@1.2.0", + "UID": "484917df6d04847d" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fined/package.json" + }, + { + "ID": "flagged-respawn@1.0.1", + "Name": "flagged-respawn", + "Identifier": { + "PURL": "pkg:npm/flagged-respawn@1.0.1", + "UID": "20ca437be013520c" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/flagged-respawn/package.json" + }, + { + "ID": "fn.name@1.1.0", + "Name": "fn.name", + "Identifier": { + "PURL": "pkg:npm/fn.name@1.1.0", + "UID": "bc307dcb7a44da88" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fn.name/package.json" + }, + { + "ID": "fontkit@1.9.0", + "Name": "fontkit", + "Identifier": { + "PURL": "pkg:npm/fontkit@1.9.0", + "UID": "82a4731b5a79db2" + }, + "Version": "1.9.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fontkit/package.json" + }, + { + "ID": "for-each@0.3.5", + "Name": "for-each", + "Identifier": { + "PURL": "pkg:npm/for-each@0.3.5", + "UID": "3756bda6b183ac1a" + }, + "Version": "0.3.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/for-each/package.json" + }, + { + "ID": "for-in@1.0.2", + "Name": "for-in", + "Identifier": { + "PURL": "pkg:npm/for-in@1.0.2", + "UID": "b8b2522d488c75a2" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/for-in/package.json" + }, + { + "ID": "for-own@1.0.0", + "Name": "for-own", + "Identifier": { + "PURL": "pkg:npm/for-own@1.0.0", + "UID": "f6bbf7729075962c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/for-own/package.json" + }, + { + "ID": "foreachasync@3.0.0", + "Name": "foreachasync", + "Identifier": { + "PURL": "pkg:npm/foreachasync@3.0.0", + "UID": "2d2346845e30908c" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/foreachasync/package.json" + }, + { + "ID": "foreground-child@3.3.1", + "Name": "foreground-child", + "Identifier": { + "PURL": "pkg:npm/foreground-child@3.3.1", + "UID": "3c865e912baf2eb7" + }, + "Version": "3.3.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/foreground-child/package.json" + }, + { + "ID": "formatio@1.1.1", + "Name": "formatio", + "Identifier": { + "PURL": "pkg:npm/formatio@1.1.1", + "UID": "b1b0d91585bad5f" + }, + "Version": "1.1.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/formatio/package.json" + }, + { + "ID": "forwarded@0.2.0", + "Name": "forwarded", + "Identifier": { + "PURL": "pkg:npm/forwarded@0.2.0", + "UID": "10dc68bbe32466ca" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/forwarded/package.json" + }, + { + "ID": "fragment-cache@0.2.1", + "Name": "fragment-cache", + "Identifier": { + "PURL": "pkg:npm/fragment-cache@0.2.1", + "UID": "a679a065ebff0eff" + }, + "Version": "0.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fragment-cache/package.json" + }, + { + "ID": "fresh@0.5.2", + "Name": "fresh", + "Identifier": { + "PURL": "pkg:npm/fresh@0.5.2", + "UID": "2bb3cebc57533a12" + }, + "Version": "0.5.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fresh/package.json" + }, + { + "ID": "from2@2.3.0", + "Name": "from2", + "Identifier": { + "PURL": "pkg:npm/from2@2.3.0", + "UID": "4d98f736ef12293c" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/from2/package.json" + }, + { + "ID": "frontend@19.0.0", + "Name": "frontend", + "Identifier": { + "PURL": "pkg:npm/frontend@19.0.0", + "UID": "737c6cf3b572675b" + }, + "Version": "19.0.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/frontend/package.json" + }, + { + "ID": "fs-constants@1.0.0", + "Name": "fs-constants", + "Identifier": { + "PURL": "pkg:npm/fs-constants@1.0.0", + "UID": "df4d481a9ce31409" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fs-constants/package.json" + }, + { + "ID": "fs-extra@9.1.0", + "Name": "fs-extra", + "Identifier": { + "PURL": "pkg:npm/fs-extra@9.1.0", + "UID": "4d9e4912f10d760f" + }, + "Version": "9.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fs-extra/package.json" + }, + { + "ID": "fs-minipass@1.2.7", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@1.2.7", + "UID": "7acae389ddf882b4" + }, + "Version": "1.2.7", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/fs-minipass/package.json" + }, + { + "ID": "fs-minipass@2.1.0", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@2.1.0", + "UID": "b8025fffe52c5511" + }, + "Version": "2.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/fs-minipass/package.json" + }, + { + "ID": "fs-minipass@3.0.3", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@3.0.3", + "UID": "3bbba9591eb0dd5a" + }, + "Version": "3.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fs-minipass/package.json" + }, + { + "ID": "fs.realpath@1.0.0", + "Name": "fs.realpath", + "Identifier": { + "PURL": "pkg:npm/fs.realpath@1.0.0", + "UID": "5984a04135354d1d" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fs.realpath/package.json" + }, + { + "ID": "fstream@1.0.12", + "Name": "fstream", + "Identifier": { + "PURL": "pkg:npm/fstream@1.0.12", + "UID": "b24dcc3bec04afc3" + }, + "Version": "1.0.12", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fstream/package.json" + }, + { + "ID": "function-bind@1.1.2", + "Name": "function-bind", + "Identifier": { + "PURL": "pkg:npm/function-bind@1.1.2", + "UID": "2cbcfd2006450e76" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/function-bind/package.json" + }, + { + "ID": "functions-have-names@1.2.3", + "Name": "functions-have-names", + "Identifier": { + "PURL": "pkg:npm/functions-have-names@1.2.3", + "UID": "4dbac6184c20b12b" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/functions-have-names/package.json" + }, + { + "ID": "fuzzball@1.4.0", + "Name": "fuzzball", + "Identifier": { + "PURL": "pkg:npm/fuzzball@1.4.0", + "UID": "30bb827d3ed21f9a" + }, + "Version": "1.4.0", + "Licenses": [ + "GPL-2.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fuzzball/package.json" + }, + { + "ID": "gauge@2.7.4", + "Name": "gauge", + "Identifier": { + "PURL": "pkg:npm/gauge@2.7.4", + "UID": "45e427949b472a67" + }, + "Version": "2.7.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/gauge/package.json" + }, + { + "ID": "gauge@4.0.4", + "Name": "gauge", + "Identifier": { + "PURL": "pkg:npm/gauge@4.0.4", + "UID": "c7230cc578f6038d" + }, + "Version": "4.0.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/gauge/package.json" + }, + { + "ID": "geojson-utils@1.1.0", + "Name": "geojson-utils", + "Identifier": { + "PURL": "pkg:npm/geojson-utils@1.1.0", + "UID": "8601d2601e43b15" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/geojson-utils/package.json" + }, + { + "ID": "get-caller-file@2.0.5", + "Name": "get-caller-file", + "Identifier": { + "PURL": "pkg:npm/get-caller-file@2.0.5", + "UID": "2c4c62f7b0554042" + }, + "Version": "2.0.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/get-caller-file/package.json" + }, + { + "ID": "get-intrinsic@1.3.0", + "Name": "get-intrinsic", + "Identifier": { + "PURL": "pkg:npm/get-intrinsic@1.3.0", + "UID": "3642bffa06d75a0c" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/get-intrinsic/package.json" + }, + { + "ID": "get-proto@1.0.1", + "Name": "get-proto", + "Identifier": { + "PURL": "pkg:npm/get-proto@1.0.1", + "UID": "13284fb85937151f" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/get-proto/package.json" + }, + { + "ID": "get-stream@2.3.1", + "Name": "get-stream", + "Identifier": { + "PURL": "pkg:npm/get-stream@2.3.1", + "UID": "b5895353c3042712" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-unzip/node_modules/get-stream/package.json" + }, + { + "ID": "get-stream@3.0.0", + "Name": "get-stream", + "Identifier": { + "PURL": "pkg:npm/get-stream@3.0.0", + "UID": "fa2d8acbefb9ee70" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacheable-request/node_modules/get-stream/package.json" + }, + { + "ID": "get-stream@3.0.0", + "Name": "get-stream", + "Identifier": { + "PURL": "pkg:npm/get-stream@3.0.0", + "UID": "2a3f5f75351d69b4" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/got/node_modules/get-stream/package.json" + }, + { + "ID": "get-stream@4.1.0", + "Name": "get-stream", + "Identifier": { + "PURL": "pkg:npm/get-stream@4.1.0", + "UID": "a4a226589f3707e5" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/get-stream/package.json" + }, + { + "ID": "get-value@2.0.6", + "Name": "get-value", + "Identifier": { + "PURL": "pkg:npm/get-value@2.0.6", + "UID": "3c133a63d01d803e" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/get-value/package.json" + }, + { + "ID": "getobject@1.0.2", + "Name": "getobject", + "Identifier": { + "PURL": "pkg:npm/getobject@1.0.2", + "UID": "dec4495b070c65fd" + }, + "Version": "1.0.2", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/getobject/package.json" + }, + { + "ID": "github-from-package@0.0.0", + "Name": "github-from-package", + "Identifier": { + "PURL": "pkg:npm/github-from-package@0.0.0", + "UID": "a10d2faf9d9465f" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/github-from-package/package.json" + }, + { + "ID": "glob@10.4.5", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@10.4.5", + "UID": "9739d65ea52ee450" + }, + "Version": "10.4.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/glob/package.json" + }, + { + "ID": "glob@7.1.7", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.1.7", + "UID": "35ea9e4c66ab68f1" + }, + "Version": "7.1.7", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "87eadc4d38d6c81e" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver-utils/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "4f933362149a88ff" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "7bf22e6ed82f410" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fstream/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "ac9d1831566dc33f" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "8186015e108e74c3" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rimraf/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "e1082cd6779d7e0c" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/glob/package.json" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "db9c94b5d511651d" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/node_modules/glob/package.json" + }, + { + "ID": "glob-parent@5.1.2", + "Name": "glob-parent", + "Identifier": { + "PURL": "pkg:npm/glob-parent@5.1.2", + "UID": "d5de2c09a75f7af2" + }, + "Version": "5.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/node_modules/glob-parent/package.json" + }, + { + "ID": "global-modules@1.0.0", + "Name": "global-modules", + "Identifier": { + "PURL": "pkg:npm/global-modules@1.0.0", + "UID": "f4a05e50f9dd2711" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/global-modules/package.json" + }, + { + "ID": "global-prefix@1.0.2", + "Name": "global-prefix", + "Identifier": { + "PURL": "pkg:npm/global-prefix@1.0.2", + "UID": "7fb90b10bdb259b5" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/global-prefix/package.json" + }, + { + "ID": "gopd@1.2.0", + "Name": "gopd", + "Identifier": { + "PURL": "pkg:npm/gopd@1.2.0", + "UID": "9f0f9d4f2303de2d" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/gopd/package.json" + }, + { + "ID": "got@8.3.2", + "Name": "got", + "Identifier": { + "PURL": "pkg:npm/got@8.3.2", + "UID": "565e22ebc733911a" + }, + "Version": "8.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/got/package.json" + }, + { + "ID": "graceful-fs@4.2.11", + "Name": "graceful-fs", + "Identifier": { + "PURL": "pkg:npm/graceful-fs@4.2.11", + "UID": "3c453e49c3829e35" + }, + "Version": "4.2.11", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/graceful-fs/package.json" + }, + { + "ID": "grunt@1.6.1", + "Name": "grunt", + "Identifier": { + "PURL": "pkg:npm/grunt@1.6.1", + "UID": "e65dd642cc954fde" + }, + "Version": "1.6.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/package.json" + }, + { + "ID": "grunt-cli@1.4.3", + "Name": "grunt-cli", + "Identifier": { + "PURL": "pkg:npm/grunt-cli@1.4.3", + "UID": "41c075cce9bd635d" + }, + "Version": "1.4.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/grunt-cli/package.json" + }, + { + "ID": "grunt-contrib-compress@1.6.0", + "Name": "grunt-contrib-compress", + "Identifier": { + "PURL": "pkg:npm/grunt-contrib-compress@1.6.0", + "UID": "d259402f6cf9c46b" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/package.json" + }, + { + "ID": "grunt-known-options@2.0.0", + "Name": "grunt-known-options", + "Identifier": { + "PURL": "pkg:npm/grunt-known-options@2.0.0", + "UID": "4e0fd7ab2d3340ef" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-known-options/package.json" + }, + { + "ID": "grunt-legacy-log@3.0.0", + "Name": "grunt-legacy-log", + "Identifier": { + "PURL": "pkg:npm/grunt-legacy-log@3.0.0", + "UID": "591682e987b3f533" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log/package.json" + }, + { + "ID": "grunt-legacy-log-utils@2.1.0", + "Name": "grunt-legacy-log-utils", + "Identifier": { + "PURL": "pkg:npm/grunt-legacy-log-utils@2.1.0", + "UID": "b20885b75234befa" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/package.json" + }, + { + "ID": "grunt-legacy-util@2.0.1", + "Name": "grunt-legacy-util", + "Identifier": { + "PURL": "pkg:npm/grunt-legacy-util@2.0.1", + "UID": "3c40bce8e4e01953" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-util/package.json" + }, + { + "ID": "grunt-replace-json@0.1.0", + "Name": "grunt-replace-json", + "Identifier": { + "PURL": "pkg:npm/grunt-replace-json@0.1.0", + "UID": "405a7915939b7b19" + }, + "Version": "0.1.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-replace-json/package.json" + }, + { + "ID": "handlebars@4.7.7", + "Name": "handlebars", + "Identifier": { + "PURL": "pkg:npm/handlebars@4.7.7", + "UID": "104959ab024ef181" + }, + "Version": "4.7.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/handlebars/package.json" + }, + { + "ID": "has-ansi@2.0.0", + "Name": "has-ansi", + "Identifier": { + "PURL": "pkg:npm/has-ansi@2.0.0", + "UID": "bd19230bd6adcc3b" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-ansi/package.json" + }, + { + "ID": "has-bigints@1.1.0", + "Name": "has-bigints", + "Identifier": { + "PURL": "pkg:npm/has-bigints@1.1.0", + "UID": "8065f16078440205" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-bigints/package.json" + }, + { + "ID": "has-flag@3.0.0", + "Name": "has-flag", + "Identifier": { + "PURL": "pkg:npm/has-flag@3.0.0", + "UID": "48c6219f3919e49" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-flag/package.json" + }, + { + "ID": "has-flag@4.0.0", + "Name": "has-flag", + "Identifier": { + "PURL": "pkg:npm/has-flag@4.0.0", + "UID": "980b2e2abb30835b" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/node_modules/has-flag/package.json" + }, + { + "ID": "has-property-descriptors@1.0.2", + "Name": "has-property-descriptors", + "Identifier": { + "PURL": "pkg:npm/has-property-descriptors@1.0.2", + "UID": "31c6d5f6d175643d" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-property-descriptors/package.json" + }, + { + "ID": "has-symbol-support-x@1.4.2", + "Name": "has-symbol-support-x", + "Identifier": { + "PURL": "pkg:npm/has-symbol-support-x@1.4.2", + "UID": "bc56d77409e79fd0" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-symbol-support-x/package.json" + }, + { + "ID": "has-symbols@1.1.0", + "Name": "has-symbols", + "Identifier": { + "PURL": "pkg:npm/has-symbols@1.1.0", + "UID": "fbb02e105a7c5270" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-symbols/package.json" + }, + { + "ID": "has-to-string-tag-x@1.4.1", + "Name": "has-to-string-tag-x", + "Identifier": { + "PURL": "pkg:npm/has-to-string-tag-x@1.4.1", + "UID": "bf49059b63adfc37" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-to-string-tag-x/package.json" + }, + { + "ID": "has-tostringtag@1.0.2", + "Name": "has-tostringtag", + "Identifier": { + "PURL": "pkg:npm/has-tostringtag@1.0.2", + "UID": "8ce24a35698990f3" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-tostringtag/package.json" + }, + { + "ID": "has-unicode@2.0.1", + "Name": "has-unicode", + "Identifier": { + "PURL": "pkg:npm/has-unicode@2.0.1", + "UID": "a86c6feb8bf5bdd8" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-unicode/package.json" + }, + { + "ID": "has-value@0.3.1", + "Name": "has-value", + "Identifier": { + "PURL": "pkg:npm/has-value@0.3.1", + "UID": "5b8ca4f8c5bd2b7b" + }, + "Version": "0.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unset-value/node_modules/has-value/package.json" + }, + { + "ID": "has-value@1.0.0", + "Name": "has-value", + "Identifier": { + "PURL": "pkg:npm/has-value@1.0.0", + "UID": "50af7866e3c0e85b" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-value/package.json" + }, + { + "ID": "has-values@0.1.4", + "Name": "has-values", + "Identifier": { + "PURL": "pkg:npm/has-values@0.1.4", + "UID": "a3816d368c2980e5" + }, + "Version": "0.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unset-value/node_modules/has-values/package.json" + }, + { + "ID": "has-values@1.0.0", + "Name": "has-values", + "Identifier": { + "PURL": "pkg:npm/has-values@1.0.0", + "UID": "ae93114e79094c34" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-values/package.json" + }, + { + "ID": "hashids@2.3.0", + "Name": "hashids", + "Identifier": { + "PURL": "pkg:npm/hashids@2.3.0", + "UID": "a3e91834d9b46b60" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/hashids/package.json" + }, + { + "ID": "hasown@2.0.2", + "Name": "hasown", + "Identifier": { + "PURL": "pkg:npm/hasown@2.0.2", + "UID": "218b7b955d4b2ca8" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/hasown/package.json" + }, + { + "ID": "hbs@4.2.0", + "Name": "hbs", + "Identifier": { + "PURL": "pkg:npm/hbs@4.2.0", + "UID": "8c17e60eb73a67cb" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/hbs/package.json" + }, + { + "ID": "he@0.4.1", + "Name": "he", + "Identifier": { + "PURL": "pkg:npm/he@0.4.1", + "UID": "3fa37010e2a5c50f" + }, + "Version": "0.4.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/he/package.json" + }, + { + "ID": "heap@0.2.7", + "Name": "heap", + "Identifier": { + "PURL": "pkg:npm/heap@0.2.7", + "UID": "be2a283877bf4a4f" + }, + "Version": "0.2.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/heap/package.json" + }, + { + "ID": "helmet@4.6.0", + "Name": "helmet", + "Identifier": { + "PURL": "pkg:npm/helmet@4.6.0", + "UID": "152f5ce6584e8f48" + }, + "Version": "4.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/helmet/package.json" + }, + { + "ID": "hoister@0.0.2", + "Name": "hoister", + "Identifier": { + "PURL": "pkg:npm/hoister@0.0.2", + "UID": "b002727f523ae5c7" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/hoister/package.json" + }, + { + "ID": "homedir-polyfill@1.0.3", + "Name": "homedir-polyfill", + "Identifier": { + "PURL": "pkg:npm/homedir-polyfill@1.0.3", + "UID": "285667209f597b7" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/homedir-polyfill/package.json" + }, + { + "ID": "hooker@0.2.3", + "Name": "hooker", + "Identifier": { + "PURL": "pkg:npm/hooker@0.2.3", + "UID": "a93057c3d982ac02" + }, + "Version": "0.2.3", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/hooker/package.json" + }, + { + "ID": "html-entities@1.4.0", + "Name": "html-entities", + "Identifier": { + "PURL": "pkg:npm/html-entities@1.4.0", + "UID": "782a5b247a806bf" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/html-entities/package.json" + }, + { + "ID": "htmlparser2@3.3.0", + "Name": "htmlparser2", + "Identifier": { + "PURL": "pkg:npm/htmlparser2@3.3.0", + "UID": "f1e5916bfe5c794b" + }, + "Version": "3.3.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/htmlparser2/package.json" + }, + { + "ID": "http-cache-semantics@3.8.1", + "Name": "http-cache-semantics", + "Identifier": { + "PURL": "pkg:npm/http-cache-semantics@3.8.1", + "UID": "868c747b9b0d5ddb" + }, + "Version": "3.8.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/http-cache-semantics/package.json" + }, + { + "ID": "http-cache-semantics@4.2.0", + "Name": "http-cache-semantics", + "Identifier": { + "PURL": "pkg:npm/http-cache-semantics@4.2.0", + "UID": "efae8d1d4ec36293" + }, + "Version": "4.2.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-fetch-happen/node_modules/http-cache-semantics/package.json" + }, + { + "ID": "http-cache-semantics@4.2.0", + "Name": "http-cache-semantics", + "Identifier": { + "PURL": "pkg:npm/http-cache-semantics@4.2.0", + "UID": "1bceb49003e2576a" + }, + "Version": "4.2.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/http-cache-semantics/package.json" + }, + { + "ID": "http-errors@1.6.3", + "Name": "http-errors", + "Identifier": { + "PURL": "pkg:npm/http-errors@1.6.3", + "UID": "d493169a4666162" + }, + "Version": "1.6.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/http-errors/package.json" + }, + { + "ID": "http-errors@2.0.0", + "Name": "http-errors", + "Identifier": { + "PURL": "pkg:npm/http-errors@2.0.0", + "UID": "76e044e7c2970e9f" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/http-errors/package.json" + }, + { + "ID": "http-proxy-agent@4.0.1", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@4.0.1", + "UID": "c20c80dbaea6c3af" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/http-proxy-agent/package.json" + }, + { + "ID": "http-proxy-agent@5.0.0", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@5.0.0", + "UID": "3f5fb3638a37a040" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/http-proxy-agent/package.json" + }, + { + "ID": "http-proxy-agent@7.0.2", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@7.0.2", + "UID": "892495171e62dc87" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/agent/node_modules/http-proxy-agent/package.json" + }, + { + "ID": "https-proxy-agent@5.0.1", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@5.0.1", + "UID": "8c70844fbd5b6f62" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/https-proxy-agent/package.json" + }, + { + "ID": "https-proxy-agent@7.0.6", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@7.0.6", + "UID": "a08a312e8296c2bf" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/agent/node_modules/https-proxy-agent/package.json" + }, + { + "ID": "humanize-ms@1.2.1", + "Name": "humanize-ms", + "Identifier": { + "PURL": "pkg:npm/humanize-ms@1.2.1", + "UID": "1cfe93fb27a8b97c" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/humanize-ms/package.json" + }, + { + "ID": "i18n@0.11.1", + "Name": "i18n", + "Identifier": { + "PURL": "pkg:npm/i18n@0.11.1", + "UID": "8ebc09e6c9971daf" + }, + "Version": "0.11.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/i18n/package.json" + }, + { + "ID": "iconv-lite@0.4.24", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.4.24", + "UID": "59ee73cd20fed1fd" + }, + "Version": "0.4.24", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/iconv-lite/package.json" + }, + { + "ID": "iconv-lite@0.6.3", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.6.3", + "UID": "a40eb6dde2f346" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/encoding/node_modules/iconv-lite/package.json" + }, + { + "ID": "iconv-lite@0.6.3", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.6.3", + "UID": "cd1ff31043d89b61" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/iconv-lite/package.json" + }, + { + "ID": "ieee754@1.2.1", + "Name": "ieee754", + "Identifier": { + "PURL": "pkg:npm/ieee754@1.2.1", + "UID": "d643c049dbdc771b" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ieee754/package.json" + }, + { + "ID": "ignore-walk@3.0.4", + "Name": "ignore-walk", + "Identifier": { + "PURL": "pkg:npm/ignore-walk@3.0.4", + "UID": "2d53df043c1984d6" + }, + "Version": "3.0.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ignore-walk/package.json" + }, + { + "ID": "iltorb@2.4.5", + "Name": "iltorb", + "Identifier": { + "PURL": "pkg:npm/iltorb@2.4.5", + "UID": "30f08ca93a4abef6" + }, + "Version": "2.4.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/iltorb/package.json" + }, + { + "ID": "imurmurhash@0.1.4", + "Name": "imurmurhash", + "Identifier": { + "PURL": "pkg:npm/imurmurhash@0.1.4", + "UID": "f49f0bb872a002d9" + }, + "Version": "0.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/imurmurhash/package.json" + }, + { + "ID": "indent-string@4.0.0", + "Name": "indent-string", + "Identifier": { + "PURL": "pkg:npm/indent-string@4.0.0", + "UID": "163c68ec6f48b277" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/indent-string/package.json" + }, + { + "ID": "infer-owner@1.0.4", + "Name": "infer-owner", + "Identifier": { + "PURL": "pkg:npm/infer-owner@1.0.4", + "UID": "e406aa3b82da37c3" + }, + "Version": "1.0.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/infer-owner/package.json" + }, + { + "ID": "inflection@1.13.4", + "Name": "inflection", + "Identifier": { + "PURL": "pkg:npm/inflection@1.13.4", + "UID": "f179c3b006c5449b" + }, + "Version": "1.13.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/inflection/package.json" + }, + { + "ID": "inflight@1.0.6", + "Name": "inflight", + "Identifier": { + "PURL": "pkg:npm/inflight@1.0.6", + "UID": "d0284a99891982b6" + }, + "Version": "1.0.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/inflight/package.json" + }, + { + "ID": "inherits@2.0.3", + "Name": "inherits", + "Identifier": { + "PURL": "pkg:npm/inherits@2.0.3", + "UID": "7938e8899c17f91f" + }, + "Version": "2.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/inherits/package.json" + }, + { + "ID": "inherits@2.0.4", + "Name": "inherits", + "Identifier": { + "PURL": "pkg:npm/inherits@2.0.4", + "UID": "50247f2384ce57be" + }, + "Version": "2.0.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/inherits/package.json" + }, + { + "ID": "ini@1.3.8", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@1.3.8", + "UID": "4db649d9a5a00d7c" + }, + "Version": "1.3.8", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/global-prefix/node_modules/ini/package.json" + }, + { + "ID": "ini@1.3.8", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@1.3.8", + "UID": "5bc80f49579880c7" + }, + "Version": "1.3.8", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rc/node_modules/ini/package.json" + }, + { + "ID": "internal-slot@1.1.0", + "Name": "internal-slot", + "Identifier": { + "PURL": "pkg:npm/internal-slot@1.1.0", + "UID": "56814759f8e54bf8" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/internal-slot/package.json" + }, + { + "ID": "interpret@1.1.0", + "Name": "interpret", + "Identifier": { + "PURL": "pkg:npm/interpret@1.1.0", + "UID": "43a71178169781bb" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/interpret/package.json" + }, + { + "ID": "into-stream@3.1.0", + "Name": "into-stream", + "Identifier": { + "PURL": "pkg:npm/into-stream@3.1.0", + "UID": "54397a33d807f61e" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/into-stream/package.json" + }, + { + "ID": "invariant@2.2.4", + "Name": "invariant", + "Identifier": { + "PURL": "pkg:npm/invariant@2.2.4", + "UID": "929db375bd28cde0" + }, + "Version": "2.2.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/invariant/package.json" + }, + { + "ID": "ip@2.0.1", + "Name": "ip", + "Identifier": { + "PURL": "pkg:npm/ip@2.0.1", + "UID": "a4e48be5e3d2c740" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ip/package.json" + }, + { + "ID": "ip-address@10.0.1", + "Name": "ip-address", + "Identifier": { + "PURL": "pkg:npm/ip-address@10.0.1", + "UID": "b8f80d8bb4e67e01" + }, + "Version": "10.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ip-address/package.json" + }, + { + "ID": "ip6@0.2.11", + "Name": "ip6", + "Identifier": { + "PURL": "pkg:npm/ip6@0.2.11", + "UID": "74be6cc6b11f3462" + }, + "Version": "0.2.11", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ip6/package.json" + }, + { + "ID": "ipaddr.js@1.9.1", + "Name": "ipaddr.js", + "Identifier": { + "PURL": "pkg:npm/ipaddr.js@1.9.1", + "UID": "29886fd0d9c699f" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ipaddr.js/package.json" + }, + { + "ID": "is-absolute@1.0.0", + "Name": "is-absolute", + "Identifier": { + "PURL": "pkg:npm/is-absolute@1.0.0", + "UID": "265e1e94542af4e2" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-absolute/package.json" + }, + { + "ID": "is-accessor-descriptor@1.0.1", + "Name": "is-accessor-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-accessor-descriptor@1.0.1", + "UID": "3f1417b44e9c39f6" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-accessor-descriptor/package.json" + }, + { + "ID": "is-arguments@1.2.0", + "Name": "is-arguments", + "Identifier": { + "PURL": "pkg:npm/is-arguments@1.2.0", + "UID": "7fd4b10a2deb930b" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-arguments/package.json" + }, + { + "ID": "is-array-buffer@3.0.5", + "Name": "is-array-buffer", + "Identifier": { + "PURL": "pkg:npm/is-array-buffer@3.0.5", + "UID": "beaa4bd6964663be" + }, + "Version": "3.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-array-buffer/package.json" + }, + { + "ID": "is-arrayish@0.3.2", + "Name": "is-arrayish", + "Identifier": { + "PURL": "pkg:npm/is-arrayish@0.3.2", + "UID": "5091ea995ed6b8fc" + }, + "Version": "0.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/simple-swizzle/node_modules/is-arrayish/package.json" + }, + { + "ID": "is-bigint@1.1.0", + "Name": "is-bigint", + "Identifier": { + "PURL": "pkg:npm/is-bigint@1.1.0", + "UID": "265c6b3f2ee46692" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-bigint/package.json" + }, + { + "ID": "is-binary-path@2.1.0", + "Name": "is-binary-path", + "Identifier": { + "PURL": "pkg:npm/is-binary-path@2.1.0", + "UID": "1cc9201d637ffe74" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-binary-path/package.json" + }, + { + "ID": "is-boolean-object@1.2.2", + "Name": "is-boolean-object", + "Identifier": { + "PURL": "pkg:npm/is-boolean-object@1.2.2", + "UID": "dc4fb1fa6f3d2bea" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-boolean-object/package.json" + }, + { + "ID": "is-buffer@1.1.6", + "Name": "is-buffer", + "Identifier": { + "PURL": "pkg:npm/is-buffer@1.1.6", + "UID": "b407864ee5b6273e" + }, + "Version": "1.1.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-buffer/package.json" + }, + { + "ID": "is-callable@1.2.7", + "Name": "is-callable", + "Identifier": { + "PURL": "pkg:npm/is-callable@1.2.7", + "UID": "7470e3f78bd4e802" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-callable/package.json" + }, + { + "ID": "is-core-module@2.16.1", + "Name": "is-core-module", + "Identifier": { + "PURL": "pkg:npm/is-core-module@2.16.1", + "UID": "bd3e08ec553fe03a" + }, + "Version": "2.16.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-core-module/package.json" + }, + { + "ID": "is-data-descriptor@1.0.1", + "Name": "is-data-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-data-descriptor@1.0.1", + "UID": "1327670eb9b9fa89" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-data-descriptor/package.json" + }, + { + "ID": "is-date-object@1.1.0", + "Name": "is-date-object", + "Identifier": { + "PURL": "pkg:npm/is-date-object@1.1.0", + "UID": "460bada676c3744a" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-date-object/package.json" + }, + { + "ID": "is-descriptor@0.1.7", + "Name": "is-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-descriptor@0.1.7", + "UID": "8221b10ae4743ba2" + }, + "Version": "0.1.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/class-utils/node_modules/is-descriptor/package.json" + }, + { + "ID": "is-descriptor@0.1.7", + "Name": "is-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-descriptor@0.1.7", + "UID": "ffd9bfcfdb939192" + }, + "Version": "0.1.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/node_modules/is-descriptor/package.json" + }, + { + "ID": "is-descriptor@0.1.7", + "Name": "is-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-descriptor@0.1.7", + "UID": "ae86a2a9ace06c37" + }, + "Version": "0.1.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-copy/node_modules/is-descriptor/package.json" + }, + { + "ID": "is-descriptor@0.1.7", + "Name": "is-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-descriptor@0.1.7", + "UID": "1acc38a4a7a82199" + }, + "Version": "0.1.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/is-descriptor/package.json" + }, + { + "ID": "is-descriptor@0.1.7", + "Name": "is-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-descriptor@0.1.7", + "UID": "f8459197c48a6db0" + }, + "Version": "0.1.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/static-extend/node_modules/is-descriptor/package.json" + }, + { + "ID": "is-descriptor@1.0.3", + "Name": "is-descriptor", + "Identifier": { + "PURL": "pkg:npm/is-descriptor@1.0.3", + "UID": "30822d34776af1ca" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-descriptor/package.json" + }, + { + "ID": "is-expression@4.0.0", + "Name": "is-expression", + "Identifier": { + "PURL": "pkg:npm/is-expression@4.0.0", + "UID": "e8271c6f107b864a" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-expression/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "1d740d4c395927c8" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/braces/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "ef73bdb3f6dc410a" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "d4337da15279b0ba" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/extglob/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "b6852e17726c70b3" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fill-range/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "702ceeb5dd2a3aa4" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/set-value/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "99414d48edfc5145" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@0.1.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@0.1.1", + "UID": "3377966d87e55288" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/union-value/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extendable@1.0.1", + "Name": "is-extendable", + "Identifier": { + "PURL": "pkg:npm/is-extendable@1.0.1", + "UID": "c7065b07f5df3a3a" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-extendable/package.json" + }, + { + "ID": "is-extglob@2.1.1", + "Name": "is-extglob", + "Identifier": { + "PURL": "pkg:npm/is-extglob@2.1.1", + "UID": "bca030265d58191b" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-extglob/package.json" + }, + { + "ID": "is-fullwidth-code-point@1.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@1.0.0", + "UID": "3fca6b4bcf7a016c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/gauge/node_modules/is-fullwidth-code-point/package.json" + }, + { + "ID": "is-fullwidth-code-point@2.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@2.0.0", + "UID": "f457daf8a7c1fc06" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wide-align/node_modules/is-fullwidth-code-point/package.json" + }, + { + "ID": "is-fullwidth-code-point@3.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", + "UID": "ddd84e29b922cd24" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-fullwidth-code-point/package.json" + }, + { + "ID": "is-generator-function@1.1.0", + "Name": "is-generator-function", + "Identifier": { + "PURL": "pkg:npm/is-generator-function@1.1.0", + "UID": "b769767ba8c1e926" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-generator-function/package.json" + }, + { + "ID": "is-glob@3.1.0", + "Name": "is-glob", + "Identifier": { + "PURL": "pkg:npm/is-glob@3.1.0", + "UID": "805d89ea8c21b93" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/findup-sync/node_modules/is-glob/package.json" + }, + { + "ID": "is-glob@4.0.3", + "Name": "is-glob", + "Identifier": { + "PURL": "pkg:npm/is-glob@4.0.3", + "UID": "2c87d2992cdf8b63" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-glob/package.json" + }, + { + "ID": "is-lambda@1.0.1", + "Name": "is-lambda", + "Identifier": { + "PURL": "pkg:npm/is-lambda@1.0.1", + "UID": "12aca4efeef570ae" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-lambda/package.json" + }, + { + "ID": "is-map@2.0.3", + "Name": "is-map", + "Identifier": { + "PURL": "pkg:npm/is-map@2.0.3", + "UID": "ed85ef7688d5bf40" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-map/package.json" + }, + { + "ID": "is-natural-number@4.0.1", + "Name": "is-natural-number", + "Identifier": { + "PURL": "pkg:npm/is-natural-number@4.0.1", + "UID": "d7abd84e711f517" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-natural-number/package.json" + }, + { + "ID": "is-number@3.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@3.0.0", + "UID": "41e4002371a14fe5" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-number/package.json" + }, + { + "ID": "is-number@7.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@7.0.0", + "UID": "ddfc3d1c5381cbaa" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/node_modules/is-number/package.json" + }, + { + "ID": "is-number@7.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@7.0.0", + "UID": "96c4bc8a594c4c23" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/is-number/package.json" + }, + { + "ID": "is-number@7.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@7.0.0", + "UID": "9edb540e8ed06af6" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/node_modules/is-number/package.json" + }, + { + "ID": "is-number-like@1.0.8", + "Name": "is-number-like", + "Identifier": { + "PURL": "pkg:npm/is-number-like@1.0.8", + "UID": "c4a6c4a8d9b3b732" + }, + "Version": "1.0.8", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-number-like/package.json" + }, + { + "ID": "is-number-object@1.1.1", + "Name": "is-number-object", + "Identifier": { + "PURL": "pkg:npm/is-number-object@1.1.1", + "UID": "bf28e2d1176f005c" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-number-object/package.json" + }, + { + "ID": "is-object@1.0.2", + "Name": "is-object", + "Identifier": { + "PURL": "pkg:npm/is-object@1.0.2", + "UID": "787bd1f2b6ea1f3f" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-object/package.json" + }, + { + "ID": "is-plain-obj@1.1.0", + "Name": "is-plain-obj", + "Identifier": { + "PURL": "pkg:npm/is-plain-obj@1.1.0", + "UID": "4d9f1e4b787ac25e" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-plain-obj/package.json" + }, + { + "ID": "is-plain-object@2.0.4", + "Name": "is-plain-object", + "Identifier": { + "PURL": "pkg:npm/is-plain-object@2.0.4", + "UID": "39583457b98a1804" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-plain-object/package.json" + }, + { + "ID": "is-promise@2.2.2", + "Name": "is-promise", + "Identifier": { + "PURL": "pkg:npm/is-promise@2.2.2", + "UID": "3c28c436bd04ce18" + }, + "Version": "2.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-promise/package.json" + }, + { + "ID": "is-regex@1.2.1", + "Name": "is-regex", + "Identifier": { + "PURL": "pkg:npm/is-regex@1.2.1", + "UID": "65905a98257184dc" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-regex/package.json" + }, + { + "ID": "is-relative@1.0.0", + "Name": "is-relative", + "Identifier": { + "PURL": "pkg:npm/is-relative@1.0.0", + "UID": "44419273e8f27f24" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-relative/package.json" + }, + { + "ID": "is-retry-allowed@1.2.0", + "Name": "is-retry-allowed", + "Identifier": { + "PURL": "pkg:npm/is-retry-allowed@1.2.0", + "UID": "2ff6c2f2ad298e94" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-retry-allowed/package.json" + }, + { + "ID": "is-set@2.0.3", + "Name": "is-set", + "Identifier": { + "PURL": "pkg:npm/is-set@2.0.3", + "UID": "daf99c40d367f129" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-set/package.json" + }, + { + "ID": "is-shared-array-buffer@1.0.4", + "Name": "is-shared-array-buffer", + "Identifier": { + "PURL": "pkg:npm/is-shared-array-buffer@1.0.4", + "UID": "48363fbaac23ad66" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-shared-array-buffer/package.json" + }, + { + "ID": "is-stream@1.1.0", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@1.1.0", + "UID": "9cbe73739d1a1c66" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-stream/package.json" + }, + { + "ID": "is-stream@2.0.1", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@2.0.1", + "UID": "e154722e3c8bf017" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/winston/node_modules/is-stream/package.json" + }, + { + "ID": "is-string@1.1.1", + "Name": "is-string", + "Identifier": { + "PURL": "pkg:npm/is-string@1.1.1", + "UID": "d4edda941311ebf5" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-string/package.json" + }, + { + "ID": "is-symbol@1.1.1", + "Name": "is-symbol", + "Identifier": { + "PURL": "pkg:npm/is-symbol@1.1.1", + "UID": "18cd2b2a743efe0d" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-symbol/package.json" + }, + { + "ID": "is-typed-array@1.1.15", + "Name": "is-typed-array", + "Identifier": { + "PURL": "pkg:npm/is-typed-array@1.1.15", + "UID": "f17a22a0537a91c8" + }, + "Version": "1.1.15", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-typed-array/package.json" + }, + { + "ID": "is-unc-path@1.0.0", + "Name": "is-unc-path", + "Identifier": { + "PURL": "pkg:npm/is-unc-path@1.0.0", + "UID": "b962f0c7daf1a6fd" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-unc-path/package.json" + }, + { + "ID": "is-weakmap@2.0.2", + "Name": "is-weakmap", + "Identifier": { + "PURL": "pkg:npm/is-weakmap@2.0.2", + "UID": "d50d54a27b91f00a" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-weakmap/package.json" + }, + { + "ID": "is-weakset@2.0.4", + "Name": "is-weakset", + "Identifier": { + "PURL": "pkg:npm/is-weakset@2.0.4", + "UID": "332134cd96f48dc3" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-weakset/package.json" + }, + { + "ID": "is-windows@1.0.2", + "Name": "is-windows", + "Identifier": { + "PURL": "pkg:npm/is-windows@1.0.2", + "UID": "13a0bbcb1760c540" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-windows/package.json" + }, + { + "ID": "isarray@0.0.1", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@0.0.1", + "UID": "3c94ff4fdd24f27e" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/isarray/package.json" + }, + { + "ID": "isarray@1.0.0", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@1.0.0", + "UID": "c3860473fa59c2f6" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-stream/node_modules/isarray/package.json" + }, + { + "ID": "isarray@1.0.0", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@1.0.0", + "UID": "1bf2d65bdbdfa5f9" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unset-value/node_modules/isarray/package.json" + }, + { + "ID": "isarray@2.0.5", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@2.0.5", + "UID": "3f5f38193c9db26d" + }, + "Version": "2.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/isarray/package.json" + }, + { + "ID": "isexe@2.0.0", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@2.0.0", + "UID": "e020376c0759246c" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/isexe/package.json" + }, + { + "ID": "isexe@3.1.1", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@3.1.1", + "UID": "294917056871b976" + }, + "Version": "3.1.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-gyp/node_modules/isexe/package.json" + }, + { + "ID": "isobject@2.1.0", + "Name": "isobject", + "Identifier": { + "PURL": "pkg:npm/isobject@2.1.0", + "UID": "ae7a3b84d16271fd" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unset-value/node_modules/has-value/node_modules/isobject/package.json" + }, + { + "ID": "isobject@3.0.1", + "Name": "isobject", + "Identifier": { + "PURL": "pkg:npm/isobject@3.0.1", + "UID": "f5a3919c60e0726b" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/isobject/package.json" + }, + { + "ID": "isomorphic-ws@5.0.0", + "Name": "isomorphic-ws", + "Identifier": { + "PURL": "pkg:npm/isomorphic-ws@5.0.0", + "UID": "6d61744bf3aee671" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/isomorphic-ws/package.json" + }, + { + "ID": "isurl@1.0.0", + "Name": "isurl", + "Identifier": { + "PURL": "pkg:npm/isurl@1.0.0", + "UID": "accc48722cae2df1" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/isurl/package.json" + }, + { + "ID": "jackspeak@3.4.3", + "Name": "jackspeak", + "Identifier": { + "PURL": "pkg:npm/jackspeak@3.4.3", + "UID": "ec5b804961c3dda7" + }, + "Version": "3.4.3", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jackspeak/package.json" + }, + { + "ID": "js-stringify@1.0.2", + "Name": "js-stringify", + "Identifier": { + "PURL": "pkg:npm/js-stringify@1.0.2", + "UID": "d0be4da2e8cdffd4" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/js-stringify/package.json" + }, + { + "ID": "js-tokens@4.0.0", + "Name": "js-tokens", + "Identifier": { + "PURL": "pkg:npm/js-tokens@4.0.0", + "UID": "c684015b0cbfb3c3" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/js-tokens/package.json" + }, + { + "ID": "js-yaml@3.14.1", + "Name": "js-yaml", + "Identifier": { + "PURL": "pkg:npm/js-yaml@3.14.1", + "UID": "a0728c92f396e12f" + }, + "Version": "3.14.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/js-yaml/package.json" + }, + { + "ID": "json-buffer@3.0.0", + "Name": "json-buffer", + "Identifier": { + "PURL": "pkg:npm/json-buffer@3.0.0", + "UID": "9f203273e988c70" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacheable-request/node_modules/json-buffer/package.json" + }, + { + "ID": "json5@2.2.3", + "Name": "json5", + "Identifier": { + "PURL": "pkg:npm/json5@2.2.3", + "UID": "e6923826767cc18" + }, + "Version": "2.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/json5/package.json" + }, + { + "ID": "jsonfile@6.2.0", + "Name": "jsonfile", + "Identifier": { + "PURL": "pkg:npm/jsonfile@6.2.0", + "UID": "96fb0dd10288b740" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jsonfile/package.json" + }, + { + "ID": "jsonwebtoken@0.1.0", + "Name": "jsonwebtoken", + "Identifier": { + "PURL": "pkg:npm/jsonwebtoken@0.1.0", + "UID": "324977895803c3d7" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json" + }, + { + "ID": "jsonwebtoken@0.4.0", + "Name": "jsonwebtoken", + "Identifier": { + "PURL": "pkg:npm/jsonwebtoken@0.4.0", + "UID": "b220953c826bca0" + }, + "Version": "0.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jsonwebtoken/package.json" + }, + { + "ID": "jssha@3.3.1", + "Name": "jssha", + "Identifier": { + "PURL": "pkg:npm/jssha@3.3.1", + "UID": "2066edc61a4a20a9" + }, + "Version": "3.3.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jssha/package.json" + }, + { + "ID": "jstransformer@1.0.0", + "Name": "jstransformer", + "Identifier": { + "PURL": "pkg:npm/jstransformer@1.0.0", + "UID": "87e39d2c9ef64fe5" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jstransformer/package.json" + }, + { + "ID": "juice-shop@19.0.0", + "Name": "juice-shop", + "Identifier": { + "PURL": "pkg:npm/juice-shop@19.0.0", + "UID": "7a1d6d43e80498a1" + }, + "Version": "19.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/build/package.json" + }, + { + "ID": "juice-shop@19.0.0", + "Name": "juice-shop", + "Identifier": { + "PURL": "pkg:npm/juice-shop@19.0.0", + "UID": "7a980b5a991ef08" + }, + "Version": "19.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/package.json" + }, + { + "ID": "juicy-chat-bot@0.9.0", + "Name": "juicy-chat-bot", + "Identifier": { + "PURL": "pkg:npm/juicy-chat-bot@0.9.0", + "UID": "251e3e0df922bb88" + }, + "Version": "0.9.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/juicy-chat-bot/package.json" + }, + { + "ID": "jwa@0.0.1", + "Name": "jwa", + "Identifier": { + "PURL": "pkg:npm/jwa@0.0.1", + "UID": "266784094e4f7609" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jwa/package.json" + }, + { + "ID": "jws@0.2.6", + "Name": "jws", + "Identifier": { + "PURL": "pkg:npm/jws@0.2.6", + "UID": "da4a6fd70bb8e740" + }, + "Version": "0.2.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/jws/package.json" + }, + { + "ID": "keyv@3.0.0", + "Name": "keyv", + "Identifier": { + "PURL": "pkg:npm/keyv@3.0.0", + "UID": "acd65a778d063d11" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacheable-request/node_modules/keyv/package.json" + }, + { + "ID": "kind-of@3.2.2", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@3.2.2", + "UID": "18ec5377ff1ef6c4" + }, + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/is-number/node_modules/kind-of/package.json" + }, + { + "ID": "kind-of@3.2.2", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@3.2.2", + "UID": "4106574a3b2904f" + }, + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-copy/node_modules/kind-of/package.json" + }, + { + "ID": "kind-of@3.2.2", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@3.2.2", + "UID": "c1872e4d72100bcd" + }, + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon-util/node_modules/kind-of/package.json" + }, + { + "ID": "kind-of@3.2.2", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@3.2.2", + "UID": "2e1c6869ee5bc68d" + }, + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/to-object-path/node_modules/kind-of/package.json" + }, + { + "ID": "kind-of@4.0.0", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@4.0.0", + "UID": "4d766ff0e45d4a4d" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/has-values/node_modules/kind-of/package.json" + }, + { + "ID": "kind-of@6.0.3", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@6.0.3", + "UID": "9fae9d52a49e5eaa" + }, + "Version": "6.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/kind-of/package.json" + }, + { + "ID": "kuler@2.0.0", + "Name": "kuler", + "Identifier": { + "PURL": "pkg:npm/kuler@2.0.0", + "UID": "c0f800b59cea82af" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/kuler/package.json" + }, + { + "ID": "lazystream@1.0.1", + "Name": "lazystream", + "Identifier": { + "PURL": "pkg:npm/lazystream@1.0.1", + "UID": "7a2dbf296d396d4c" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lazystream/package.json" + }, + { + "ID": "libxmljs2@0.37.0", + "Name": "libxmljs2", + "Identifier": { + "PURL": "pkg:npm/libxmljs2@0.37.0", + "UID": "9f7a5c0f839cffed" + }, + "Version": "0.37.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/package.json" + }, + { + "ID": "liftup@3.0.1", + "Name": "liftup", + "Identifier": { + "PURL": "pkg:npm/liftup@3.0.1", + "UID": "d2fdbf3bbfc63749" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/package.json" + }, + { + "ID": "linebreak@1.1.0", + "Name": "linebreak", + "Identifier": { + "PURL": "pkg:npm/linebreak@1.1.0", + "UID": "7427b404cfc53bca" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/linebreak/package.json" + }, + { + "ID": "listenercount@1.0.1", + "Name": "listenercount", + "Identifier": { + "PURL": "pkg:npm/listenercount@1.0.1", + "UID": "dafe9a7c4d887280" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/listenercount/package.json" + }, + { + "ID": "ljharb-monorepo-symlink-test@0.0.0", + "Name": "ljharb-monorepo-symlink-test", + "Identifier": { + "PURL": "pkg:npm/ljharb-monorepo-symlink-test@0.0.0", + "UID": "d8290eb299c7fbcb" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve/test/resolver/multirepo/package.json" + }, + { + "ID": "locate-path@5.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@5.0.0", + "UID": "42bcb370bb70e9c6" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/locate-path/package.json" + }, + { + "ID": "lodash@2.4.2", + "Name": "lodash", + "Identifier": { + "PURL": "pkg:npm/lodash@2.4.2", + "UID": "2055fc9d42487aec" + }, + "Version": "2.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json" + }, + { + "ID": "lodash@4.17.21", + "Name": "lodash", + "Identifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "894cfc7c52dcab33" + }, + "Version": "4.17.21", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lodash/package.json" + }, + { + "ID": "lodash.camelcase@4.3.0", + "Name": "lodash.camelcase", + "Identifier": { + "PURL": "pkg:npm/lodash.camelcase@4.3.0", + "UID": "185fcec54d608a7b" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lodash.camelcase/package.json" + }, + { + "ID": "lodash.isfinite@3.3.2", + "Name": "lodash.isfinite", + "Identifier": { + "PURL": "pkg:npm/lodash.isfinite@3.3.2", + "UID": "a51ac527a6c0162b" + }, + "Version": "3.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lodash.isfinite/package.json" + }, + { + "ID": "lodash.set@4.3.2", + "Name": "lodash.set", + "Identifier": { + "PURL": "pkg:npm/lodash.set@4.3.2", + "UID": "91ab835ab813b84b" + }, + "Version": "4.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lodash.set/package.json" + }, + { + "ID": "logform@2.7.0", + "Name": "logform", + "Identifier": { + "PURL": "pkg:npm/logform@2.7.0", + "UID": "aa122b319b3bf3c6" + }, + "Version": "2.7.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/logform/package.json" + }, + { + "ID": "lolex@1.3.2", + "Name": "lolex", + "Identifier": { + "PURL": "pkg:npm/lolex@1.3.2", + "UID": "bdcae89178bf3062" + }, + "Version": "1.3.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lolex/package.json" + }, + { + "ID": "loose-envify@1.4.0", + "Name": "loose-envify", + "Identifier": { + "PURL": "pkg:npm/loose-envify@1.4.0", + "UID": "354621f2bf6d68ad" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/loose-envify/package.json" + }, + { + "ID": "lowercase-keys@1.0.0", + "Name": "lowercase-keys", + "Identifier": { + "PURL": "pkg:npm/lowercase-keys@1.0.0", + "UID": "3f17152889a149ff" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/lowercase-keys/package.json" + }, + { + "ID": "lru-cache@10.4.3", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@10.4.3", + "UID": "f9848a194758c7c3" + }, + "Version": "10.4.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@npmcli/agent/node_modules/lru-cache/package.json" + }, + { + "ID": "lru-cache@10.4.3", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@10.4.3", + "UID": "6cf8e42ad452aa9d" + }, + "Version": "10.4.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacache/node_modules/lru-cache/package.json" + }, + { + "ID": "lru-cache@10.4.3", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@10.4.3", + "UID": "f01b6b6bbdfcd5f0" + }, + "Version": "10.4.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-scurry/node_modules/lru-cache/package.json" + }, + { + "ID": "lru-cache@6.0.0", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@6.0.0", + "UID": "4471d735b273f96c" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/lru-cache/package.json" + }, + { + "ID": "make-dir@1.3.0", + "Name": "make-dir", + "Identifier": { + "PURL": "pkg:npm/make-dir@1.3.0", + "UID": "86ba661be0a4b21c" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress/node_modules/make-dir/package.json" + }, + { + "ID": "make-dir@2.1.0", + "Name": "make-dir", + "Identifier": { + "PURL": "pkg:npm/make-dir@2.1.0", + "UID": "4be4fb2c1b22e138" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-dir/package.json" + }, + { + "ID": "make-error@1.3.6", + "Name": "make-error", + "Identifier": { + "PURL": "pkg:npm/make-error@1.3.6", + "UID": "f424fef3d01e6f6d" + }, + "Version": "1.3.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-error/package.json" + }, + { + "ID": "make-fetch-happen@14.0.3", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@14.0.3", + "UID": "dc73c89da895e0e4" + }, + "Version": "14.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-fetch-happen/package.json" + }, + { + "ID": "make-fetch-happen@9.1.0", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@9.1.0", + "UID": "2d8c0c153169b23d" + }, + "Version": "9.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/make-fetch-happen/package.json" + }, + { + "ID": "make-iterator@1.0.1", + "Name": "make-iterator", + "Identifier": { + "PURL": "pkg:npm/make-iterator@1.0.1", + "UID": "44db8d870b46507" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-iterator/package.json" + }, + { + "ID": "make-plural@4.3.0", + "Name": "make-plural", + "Identifier": { + "PURL": "pkg:npm/make-plural@4.3.0", + "UID": "8367380a32465034" + }, + "Version": "4.3.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/messageformat/node_modules/make-plural/package.json" + }, + { + "ID": "make-plural@6.2.2", + "Name": "make-plural", + "Identifier": { + "PURL": "pkg:npm/make-plural@6.2.2", + "UID": "47778b237a9d16ce" + }, + "Version": "6.2.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-plural/package.json" + }, + { + "ID": "map-cache@0.2.2", + "Name": "map-cache", + "Identifier": { + "PURL": "pkg:npm/map-cache@0.2.2", + "UID": "dffc96271ad29922" + }, + "Version": "0.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/map-cache/package.json" + }, + { + "ID": "map-visit@1.0.0", + "Name": "map-visit", + "Identifier": { + "PURL": "pkg:npm/map-visit@1.0.0", + "UID": "e7cec7b98e52a167" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/map-visit/package.json" + }, + { + "ID": "marsdb@0.6.11", + "Name": "marsdb", + "Identifier": { + "PURL": "pkg:npm/marsdb@0.6.11", + "UID": "54edd9a172aae6f9" + }, + "Version": "0.6.11", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/marsdb/package.json" + }, + { + "ID": "math-interval-parser@2.0.1", + "Name": "math-interval-parser", + "Identifier": { + "PURL": "pkg:npm/math-interval-parser@2.0.1", + "UID": "7b080781757f2551" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/math-interval-parser/package.json" + }, + { + "ID": "math-intrinsics@1.1.0", + "Name": "math-intrinsics", + "Identifier": { + "PURL": "pkg:npm/math-intrinsics@1.1.0", + "UID": "b2eda7f3b807f614" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/math-intrinsics/package.json" + }, + { + "ID": "media-typer@0.3.0", + "Name": "media-typer", + "Identifier": { + "PURL": "pkg:npm/media-typer@0.3.0", + "UID": "7f3b2c81b6068630" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/media-typer/package.json" + }, + { + "ID": "median@0.0.2", + "Name": "median", + "Identifier": { + "PURL": "pkg:npm/median@0.0.2", + "UID": "c38ee3e618b31d2e" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/median/package.json" + }, + { + "ID": "merge-descriptors@1.0.3", + "Name": "merge-descriptors", + "Identifier": { + "PURL": "pkg:npm/merge-descriptors@1.0.3", + "UID": "2225c5fe10b427d3" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/merge-descriptors/package.json" + }, + { + "ID": "messageformat@2.3.0", + "Name": "messageformat", + "Identifier": { + "PURL": "pkg:npm/messageformat@2.3.0", + "UID": "9103fbfc5c47243d" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/messageformat/package.json" + }, + { + "ID": "messageformat-formatters@2.0.1", + "Name": "messageformat-formatters", + "Identifier": { + "PURL": "pkg:npm/messageformat-formatters@2.0.1", + "UID": "2a6839f1a5ffc8e5" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/messageformat-formatters/package.json" + }, + { + "ID": "messageformat-parser@4.1.3", + "Name": "messageformat-parser", + "Identifier": { + "PURL": "pkg:npm/messageformat-parser@4.1.3", + "UID": "bbdfd8eb02f0f0a7" + }, + "Version": "4.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/messageformat-parser/package.json" + }, + { + "ID": "methods@1.1.2", + "Name": "methods", + "Identifier": { + "PURL": "pkg:npm/methods@1.1.2", + "UID": "4fe6eea806dd120f" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/methods/package.json" + }, + { + "ID": "micromatch@3.1.10", + "Name": "micromatch", + "Identifier": { + "PURL": "pkg:npm/micromatch@3.1.10", + "UID": "dff9b87c3884f86c" + }, + "Version": "3.1.10", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/micromatch/package.json" + }, + { + "ID": "micromatch@4.0.8", + "Name": "micromatch", + "Identifier": { + "PURL": "pkg:npm/micromatch@4.0.8", + "UID": "7b6de816f7d13876" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/micromatch/package.json" + }, + { + "ID": "micromatch@4.0.8", + "Name": "micromatch", + "Identifier": { + "PURL": "pkg:npm/micromatch@4.0.8", + "UID": "7a9af30472c8c44c" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/node_modules/micromatch/package.json" + }, + { + "ID": "mime@1.6.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@1.6.0", + "UID": "e97d4302f2645735" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mime/package.json" + }, + { + "ID": "mime-db@1.52.0", + "Name": "mime-db", + "Identifier": { + "PURL": "pkg:npm/mime-db@1.52.0", + "UID": "18f7e61baf111160" + }, + "Version": "1.52.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mime-db/package.json" + }, + { + "ID": "mime-types@2.1.35", + "Name": "mime-types", + "Identifier": { + "PURL": "pkg:npm/mime-types@2.1.35", + "UID": "46e9fe6e86ec2b2e" + }, + "Version": "2.1.35", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mime-types/package.json" + }, + { + "ID": "mimic-response@1.0.1", + "Name": "mimic-response", + "Identifier": { + "PURL": "pkg:npm/mimic-response@1.0.1", + "UID": "5d5994c87814f631" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mimic-response/package.json" + }, + { + "ID": "mimic-response@2.1.0", + "Name": "mimic-response", + "Identifier": { + "PURL": "pkg:npm/mimic-response@2.1.0", + "UID": "75ab8c6a99b07cdf" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/simple-get/node_modules/mimic-response/package.json" + }, + { + "ID": "mimic-response@3.1.0", + "Name": "mimic-response", + "Identifier": { + "PURL": "pkg:npm/mimic-response@3.1.0", + "UID": "442d052a03c7e607" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/mimic-response/package.json" + }, + { + "ID": "mimic-response@3.1.0", + "Name": "mimic-response", + "Identifier": { + "PURL": "pkg:npm/mimic-response@3.1.0", + "UID": "c0f66a0708eda46d" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/mimic-response/package.json" + }, + { + "ID": "minami@1.1.1", + "Name": "minami", + "Identifier": { + "PURL": "pkg:npm/minami@1.1.1", + "UID": "4ff2944c8959f3d4" + }, + "Version": "1.1.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-js/docconfig/template/package.json" + }, + { + "ID": "minami@1.1.1", + "Name": "minami", + "Identifier": { + "PURL": "pkg:npm/minami@1.1.1", + "UID": "3b0029192b72155a" + }, + "Version": "1.1.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filehound/docconfig/template/package.json" + }, + { + "ID": "minami@1.1.1", + "Name": "minami", + "Identifier": { + "PURL": "pkg:npm/minami@1.1.1", + "UID": "3040db99e828318c" + }, + "Version": "1.1.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filesniffer/docconfig/template/package.json" + }, + { + "ID": "minimatch@3.0.5", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.0.5", + "UID": "4c45323ea8c03750" + }, + "Version": "3.0.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.0.8", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.0.8", + "UID": "e0ea5c02f9b0af76" + }, + "Version": "3.0.8", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "9e9f99367f4540d9" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver-utils/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "fb4cc00ba8a9dbe9" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/archiver/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "9d6c5e32314be8e9" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/file-js/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "6f131f5586221b4a" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fstream/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "bfd6c43b6d042cdd" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ignore-walk/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "f1da994ca61d1e50" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "c9710be58c747d53" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rimraf/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "c4fdbfb137a83cd7" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "f80a716286a1601f" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@5.1.6", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@5.1.6", + "UID": "e4837f4df8e73737" + }, + "Version": "5.1.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filehound/node_modules/minimatch/package.json" + }, + { + "ID": "minimatch@9.0.5", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "9725cd6c1b11e02f" + }, + "Version": "9.0.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/glob/node_modules/minimatch/package.json" + }, + { + "ID": "minimist@0.2.4", + "Name": "minimist", + "Identifier": { + "PURL": "pkg:npm/minimist@0.2.4", + "UID": "3852fc1196ed77c4" + }, + "Version": "0.2.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/bower-config/node_modules/minimist/package.json" + }, + { + "ID": "minimist@1.2.8", + "Name": "minimist", + "Identifier": { + "PURL": "pkg:npm/minimist@1.2.8", + "UID": "cd984c12d38ed503" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minimist/package.json" + }, + { + "ID": "minipass@2.9.0", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@2.9.0", + "UID": "25b3062cdcb77bf8" + }, + "Version": "2.9.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/minipass/package.json" + }, + { + "ID": "minipass@3.3.6", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@3.3.6", + "UID": "21aef22bd7f68324" + }, + "Version": "3.3.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-flush/node_modules/minipass/package.json" + }, + { + "ID": "minipass@3.3.6", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@3.3.6", + "UID": "e100477e8f3ed555" + }, + "Version": "3.3.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-pipeline/node_modules/minipass/package.json" + }, + { + "ID": "minipass@3.3.6", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@3.3.6", + "UID": "4fd833f86495a384" + }, + "Version": "3.3.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-sized/node_modules/minipass/package.json" + }, + { + "ID": "minipass@3.3.6", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@3.3.6", + "UID": "c858e8bfacf03193" + }, + "Version": "3.3.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/minipass/package.json" + }, + { + "ID": "minipass@5.0.0", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@5.0.0", + "UID": "6e1b6694758cd174" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/tar/node_modules/minipass/package.json" + }, + { + "ID": "minipass@7.1.2", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@7.1.2", + "UID": "c0858b7ed3e2a348" + }, + "Version": "7.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass/package.json" + }, + { + "ID": "minipass-collect@1.0.2", + "Name": "minipass-collect", + "Identifier": { + "PURL": "pkg:npm/minipass-collect@1.0.2", + "UID": "8b047664e7ae65e9" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/minipass-collect/package.json" + }, + { + "ID": "minipass-collect@2.0.1", + "Name": "minipass-collect", + "Identifier": { + "PURL": "pkg:npm/minipass-collect@2.0.1", + "UID": "e2229f3ff0e7e669" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-collect/package.json" + }, + { + "ID": "minipass-fetch@1.4.1", + "Name": "minipass-fetch", + "Identifier": { + "PURL": "pkg:npm/minipass-fetch@1.4.1", + "UID": "b50b1dceaa7ef5c7" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/minipass-fetch/package.json" + }, + { + "ID": "minipass-fetch@4.0.1", + "Name": "minipass-fetch", + "Identifier": { + "PURL": "pkg:npm/minipass-fetch@4.0.1", + "UID": "237a50c4a27adf9f" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-fetch/package.json" + }, + { + "ID": "minipass-flush@1.0.5", + "Name": "minipass-flush", + "Identifier": { + "PURL": "pkg:npm/minipass-flush@1.0.5", + "UID": "277bfd2b67a1ff35" + }, + "Version": "1.0.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-flush/package.json" + }, + { + "ID": "minipass-pipeline@1.2.4", + "Name": "minipass-pipeline", + "Identifier": { + "PURL": "pkg:npm/minipass-pipeline@1.2.4", + "UID": "c8ba87c4ce4ee575" + }, + "Version": "1.2.4", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-pipeline/package.json" + }, + { + "ID": "minipass-sized@1.0.3", + "Name": "minipass-sized", + "Identifier": { + "PURL": "pkg:npm/minipass-sized@1.0.3", + "UID": "c2a200944af1ca29" + }, + "Version": "1.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-sized/package.json" + }, + { + "ID": "minizlib@1.3.3", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@1.3.3", + "UID": "f4b6f78e1c1946a2" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/minizlib/package.json" + }, + { + "ID": "minizlib@2.1.2", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@2.1.2", + "UID": "e4c18192ab01882e" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/minizlib/package.json" + }, + { + "ID": "minizlib@3.0.2", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@3.0.2", + "UID": "171108a92448ba09" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minizlib/package.json" + }, + { + "ID": "mixin-deep@1.3.2", + "Name": "mixin-deep", + "Identifier": { + "PURL": "pkg:npm/mixin-deep@1.3.2", + "UID": "4d38a7be6c8ba355" + }, + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mixin-deep/package.json" + }, + { + "ID": "mkdirp@0.5.6", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@0.5.6", + "UID": "ec145992d319fd16" + }, + "Version": "0.5.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fstream/node_modules/mkdirp/package.json" + }, + { + "ID": "mkdirp@0.5.6", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@0.5.6", + "UID": "4d0e9c611f9d6fcc" + }, + "Version": "0.5.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/multer/node_modules/mkdirp/package.json" + }, + { + "ID": "mkdirp@0.5.6", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@0.5.6", + "UID": "1a8554225e74572d" + }, + "Version": "0.5.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/mkdirp/package.json" + }, + { + "ID": "mkdirp@1.0.4", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@1.0.4", + "UID": "590c2f83228c79a4" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mkdirp/package.json" + }, + { + "ID": "mkdirp@3.0.1", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@3.0.1", + "UID": "82920f6a54531e87" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar/node_modules/mkdirp/dist/cjs/package.json" + }, + { + "ID": "mkdirp@3.0.1", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@3.0.1", + "UID": "26221ff41b5a162" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar/node_modules/mkdirp/package.json" + }, + { + "ID": "mkdirp-classic@0.5.3", + "Name": "mkdirp-classic", + "Identifier": { + "PURL": "pkg:npm/mkdirp-classic@0.5.3", + "UID": "b8e8400c1f5c28c9" + }, + "Version": "0.5.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mkdirp-classic/package.json" + }, + { + "ID": "moment@2.0.0", + "Name": "moment", + "Identifier": { + "PURL": "pkg:npm/moment@2.0.0", + "UID": "83a43873d3018a1f" + }, + "Version": "2.0.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express-jwt/node_modules/moment/package.json" + }, + { + "ID": "moment@2.30.1", + "Name": "moment", + "Identifier": { + "PURL": "pkg:npm/moment@2.30.1", + "UID": "935495bf18fda6cf" + }, + "Version": "2.30.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/moment/package.json" + }, + { + "ID": "moment-timezone@0.5.48", + "Name": "moment-timezone", + "Identifier": { + "PURL": "pkg:npm/moment-timezone@0.5.48", + "UID": "bfe6bed108f8e9d4" + }, + "Version": "0.5.48", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/moment-timezone/package.json" + }, + { + "ID": "morgan@1.10.1", + "Name": "morgan", + "Identifier": { + "PURL": "pkg:npm/morgan@1.10.1", + "UID": "28079c89178f7a67" + }, + "Version": "1.10.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/morgan/package.json" + }, + { + "ID": "mout@1.2.4", + "Name": "mout", + "Identifier": { + "PURL": "pkg:npm/mout@1.2.4", + "UID": "5878aa951c04ddbd" + }, + "Version": "1.2.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mout/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "2f860623ea459740" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/body-parser/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "40831a7560f5cdff" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/compression/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "187e1b1684d34a85" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/expand-brackets/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "e4a0c8e160fd27dc" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/express/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "875e35b086973e35" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/finalhandler/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "2d6040d29000eac6" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/morgan/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "64c56ecc57b5231e" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/send/node_modules/debug/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "d4430447ac455afe" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/ms/package.json" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "bd418640125fdad8" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/ms/package.json" + }, + { + "ID": "ms@2.1.3", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.1.3", + "UID": "d24f2e7ebe71a5b0" + }, + "Version": "2.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ms/package.json" + }, + { + "ID": "multer@1.4.5-lts.2", + "Name": "multer", + "Identifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "d60c4000df10abea" + }, + "Version": "1.4.5-lts.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/multer/package.json" + }, + { + "ID": "mustache@4.2.0", + "Name": "mustache", + "Identifier": { + "PURL": "pkg:npm/mustache@4.2.0", + "UID": "7ffc46abd49bb762" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/mustache/package.json" + }, + { + "ID": "mylib@0.0.0", + "Name": "mylib", + "Identifier": { + "PURL": "pkg:npm/mylib@0.0.0", + "UID": "d7298afe2c70526d" + }, + "Version": "0.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve/test/resolver/nested_symlinks/mylib/package.json" + }, + { + "ID": "nan@2.22.2", + "Name": "nan", + "Identifier": { + "PURL": "pkg:npm/nan@2.22.2", + "UID": "dc5be4e4fc5e2dd6" + }, + "Version": "2.22.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/nan/package.json" + }, + { + "ID": "nanomatch@1.2.13", + "Name": "nanomatch", + "Identifier": { + "PURL": "pkg:npm/nanomatch@1.2.13", + "UID": "73db8a1aca78dd9d" + }, + "Version": "1.2.13", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/nanomatch/package.json" + }, + { + "ID": "napi-build-utils@1.0.2", + "Name": "napi-build-utils", + "Identifier": { + "PURL": "pkg:npm/napi-build-utils@1.0.2", + "UID": "ed3f3e18ad1fe769" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/napi-build-utils/package.json" + }, + { + "ID": "napi-build-utils@2.0.0", + "Name": "napi-build-utils", + "Identifier": { + "PURL": "pkg:npm/napi-build-utils@2.0.0", + "UID": "20ff3c3ccc8e8fae" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/napi-build-utils/package.json" + }, + { + "ID": "napi-build-utils@2.0.0", + "Name": "napi-build-utils", + "Identifier": { + "PURL": "pkg:npm/napi-build-utils@2.0.0", + "UID": "7fae4347fce9dadc" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/napi-build-utils/package.json" + }, + { + "ID": "needle@2.9.1", + "Name": "needle", + "Identifier": { + "PURL": "pkg:npm/needle@2.9.1", + "UID": "a8a0de34125673d1" + }, + "Version": "2.9.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/needle/package.json" + }, + { + "ID": "negotiator@0.6.3", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@0.6.3", + "UID": "fb5391c6f28904cd" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/accepts/node_modules/negotiator/package.json" + }, + { + "ID": "negotiator@0.6.4", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@0.6.4", + "UID": "735e9b76f92ff4df" + }, + "Version": "0.6.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/negotiator/package.json" + }, + { + "ID": "negotiator@1.0.0", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@1.0.0", + "UID": "cc20651388f304fb" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-fetch-happen/node_modules/negotiator/package.json" + }, + { + "ID": "neo-async@2.6.2", + "Name": "neo-async", + "Identifier": { + "PURL": "pkg:npm/neo-async@2.6.2", + "UID": "df421bca017e36e8" + }, + "Version": "2.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/neo-async/package.json" + }, + { + "ID": "node-abi@2.30.1", + "Name": "node-abi", + "Identifier": { + "PURL": "pkg:npm/node-abi@2.30.1", + "UID": "bb6f3ef1c7475994" + }, + "Version": "2.30.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-abi/package.json" + }, + { + "ID": "node-abi@3.77.0", + "Name": "node-abi", + "Identifier": { + "PURL": "pkg:npm/node-abi@3.77.0", + "UID": "9e20eafc4bed37f5" + }, + "Version": "3.77.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/node-abi/package.json" + }, + { + "ID": "node-abi@3.77.0", + "Name": "node-abi", + "Identifier": { + "PURL": "pkg:npm/node-abi@3.77.0", + "UID": "ee7fec3142f7f84f" + }, + "Version": "3.77.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/node-abi/package.json" + }, + { + "ID": "node-addon-api@7.1.1", + "Name": "node-addon-api", + "Identifier": { + "PURL": "pkg:npm/node-addon-api@7.1.1", + "UID": "7c4cd13167d6cfb0" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-addon-api/package.json" + }, + { + "ID": "node-fetch@2.7.0", + "Name": "node-fetch", + "Identifier": { + "PURL": "pkg:npm/node-fetch@2.7.0", + "UID": "852d99782d2c27bf" + }, + "Version": "2.7.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-fetch/package.json" + }, + { + "ID": "node-gyp@11.4.2", + "Name": "node-gyp", + "Identifier": { + "PURL": "pkg:npm/node-gyp@11.4.2", + "UID": "5e0c2aa15c08c656" + }, + "Version": "11.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-gyp/package.json" + }, + { + "ID": "node-gyp@8.4.1", + "Name": "node-gyp", + "Identifier": { + "PURL": "pkg:npm/node-gyp@8.4.1", + "UID": "6056426ea83a909e" + }, + "Version": "8.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/node-gyp/package.json" + }, + { + "ID": "node-pre-gyp@0.15.0", + "Name": "node-pre-gyp", + "Identifier": { + "PURL": "pkg:npm/node-pre-gyp@0.15.0", + "UID": "16ceb8076f9db0fa" + }, + "Version": "0.15.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/package.json" + }, + { + "ID": "noop-logger@0.1.1", + "Name": "noop-logger", + "Identifier": { + "PURL": "pkg:npm/noop-logger@0.1.1", + "UID": "1936465a4372d059" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/noop-logger/package.json" + }, + { + "ID": "nopt@3.0.6", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@3.0.6", + "UID": "ff3a436b6cb7de87" + }, + "Version": "3.0.6", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/nopt/package.json" + }, + { + "ID": "nopt@4.0.3", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@4.0.3", + "UID": "b36a7a3adf763075" + }, + "Version": "4.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/grunt-cli/node_modules/nopt/package.json" + }, + { + "ID": "nopt@4.0.3", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@4.0.3", + "UID": "6671b57ff2df832f" + }, + "Version": "4.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/nopt/package.json" + }, + { + "ID": "nopt@5.0.0", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@5.0.0", + "UID": "44c93076dbf8fee" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/nopt/package.json" + }, + { + "ID": "nopt@8.1.0", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@8.1.0", + "UID": "d21a1c3fe58d8b80" + }, + "Version": "8.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-gyp/node_modules/nopt/package.json" + }, + { + "ID": "normalize-path@2.1.1", + "Name": "normalize-path", + "Identifier": { + "PURL": "pkg:npm/normalize-path@2.1.1", + "UID": "333b3a5e9553dd7c" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/normalize-path/package.json" + }, + { + "ID": "normalize-path@3.0.0", + "Name": "normalize-path", + "Identifier": { + "PURL": "pkg:npm/normalize-path@3.0.0", + "UID": "2ba76f1e8fb104c5" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/anymatch/node_modules/normalize-path/package.json" + }, + { + "ID": "normalize-path@3.0.0", + "Name": "normalize-path", + "Identifier": { + "PURL": "pkg:npm/normalize-path@3.0.0", + "UID": "c5cf5ec92e1d5170" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/node_modules/normalize-path/package.json" + }, + { + "ID": "normalize-url@2.0.1", + "Name": "normalize-url", + "Identifier": { + "PURL": "pkg:npm/normalize-url@2.0.1", + "UID": "19ce5fcd7ccf0c53" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/normalize-url/package.json" + }, + { + "ID": "notevil@1.3.3", + "Name": "notevil", + "Identifier": { + "PURL": "pkg:npm/notevil@1.3.3", + "UID": "3e66e3cc17ffdfc2" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/notevil/package.json" + }, + { + "ID": "npm-bundled@1.1.2", + "Name": "npm-bundled", + "Identifier": { + "PURL": "pkg:npm/npm-bundled@1.1.2", + "UID": "5867928ed543f901" + }, + "Version": "1.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/npm-bundled/package.json" + }, + { + "ID": "npm-normalize-package-bin@1.0.1", + "Name": "npm-normalize-package-bin", + "Identifier": { + "PURL": "pkg:npm/npm-normalize-package-bin@1.0.1", + "UID": "dd5537677201acd6" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/npm-normalize-package-bin/package.json" + }, + { + "ID": "npm-packlist@1.4.8", + "Name": "npm-packlist", + "Identifier": { + "PURL": "pkg:npm/npm-packlist@1.4.8", + "UID": "fc1196165c737061" + }, + "Version": "1.4.8", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/npm-packlist/package.json" + }, + { + "ID": "npmlog@4.1.2", + "Name": "npmlog", + "Identifier": { + "PURL": "pkg:npm/npmlog@4.1.2", + "UID": "a91f2a191656352e" + }, + "Version": "4.1.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/npmlog/package.json" + }, + { + "ID": "npmlog@6.0.2", + "Name": "npmlog", + "Identifier": { + "PURL": "pkg:npm/npmlog@6.0.2", + "UID": "42d1cd6393bab8b0" + }, + "Version": "6.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/npmlog/package.json" + }, + { + "ID": "number-is-nan@1.0.1", + "Name": "number-is-nan", + "Identifier": { + "PURL": "pkg:npm/number-is-nan@1.0.1", + "UID": "49619f261be92f5b" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/number-is-nan/package.json" + }, + { + "ID": "nw-pre-gyp-module-test@0.0.1", + "Name": "nw-pre-gyp-module-test", + "Identifier": { + "PURL": "pkg:npm/nw-pre-gyp-module-test@0.0.1", + "UID": "26f13a4ae3307c9d" + }, + "Version": "0.0.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/lib/util/nw-pre-gyp/package.json" + }, + { + "ID": "object-assign@4.1.1", + "Name": "object-assign", + "Identifier": { + "PURL": "pkg:npm/object-assign@4.1.1", + "UID": "de493aba5b3aee17" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-assign/package.json" + }, + { + "ID": "object-copy@0.1.0", + "Name": "object-copy", + "Identifier": { + "PURL": "pkg:npm/object-copy@0.1.0", + "UID": "c929daddfc818dee" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-copy/package.json" + }, + { + "ID": "object-inspect@1.13.4", + "Name": "object-inspect", + "Identifier": { + "PURL": "pkg:npm/object-inspect@1.13.4", + "UID": "b331e6263df7f9db" + }, + "Version": "1.13.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-inspect/package.json" + }, + { + "ID": "object-is@1.1.6", + "Name": "object-is", + "Identifier": { + "PURL": "pkg:npm/object-is@1.1.6", + "UID": "b6ba9f3c4cd837d3" + }, + "Version": "1.1.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-is/package.json" + }, + { + "ID": "object-keys@1.1.1", + "Name": "object-keys", + "Identifier": { + "PURL": "pkg:npm/object-keys@1.1.1", + "UID": "9576d88471f1c2c" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-keys/package.json" + }, + { + "ID": "object-visit@1.0.1", + "Name": "object-visit", + "Identifier": { + "PURL": "pkg:npm/object-visit@1.0.1", + "UID": "d046996e014b9d50" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object-visit/package.json" + }, + { + "ID": "object.assign@4.1.7", + "Name": "object.assign", + "Identifier": { + "PURL": "pkg:npm/object.assign@4.1.7", + "UID": "57d2fbc27cc5291d" + }, + "Version": "4.1.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object.assign/package.json" + }, + { + "ID": "object.defaults@1.1.0", + "Name": "object.defaults", + "Identifier": { + "PURL": "pkg:npm/object.defaults@1.1.0", + "UID": "27defa809ba0bff8" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object.defaults/package.json" + }, + { + "ID": "object.map@1.0.1", + "Name": "object.map", + "Identifier": { + "PURL": "pkg:npm/object.map@1.0.1", + "UID": "cd3fa7995af9c120" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object.map/package.json" + }, + { + "ID": "object.pick@1.3.0", + "Name": "object.pick", + "Identifier": { + "PURL": "pkg:npm/object.pick@1.3.0", + "UID": "5962bace02c45af0" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/object.pick/package.json" + }, + { + "ID": "on-finished@2.3.0", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.3.0", + "UID": "fac2857a62af840f" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/morgan/node_modules/on-finished/package.json" + }, + { + "ID": "on-finished@2.4.1", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.4.1", + "UID": "2802d7b9280dd3a0" + }, + "Version": "2.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/on-finished/package.json" + }, + { + "ID": "on-headers@1.1.0", + "Name": "on-headers", + "Identifier": { + "PURL": "pkg:npm/on-headers@1.1.0", + "UID": "3b5fcb08499df571" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/on-headers/package.json" + }, + { + "ID": "once@1.4.0", + "Name": "once", + "Identifier": { + "PURL": "pkg:npm/once@1.4.0", + "UID": "7a9c9824b3e3f7a8" + }, + "Version": "1.4.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/once/package.json" + }, + { + "ID": "one-time@1.0.0", + "Name": "one-time", + "Identifier": { + "PURL": "pkg:npm/one-time@1.0.0", + "UID": "fb876284b74307c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/one-time/package.json" + }, + { + "ID": "opentype.js@0.7.3", + "Name": "opentype.js", + "Identifier": { + "PURL": "pkg:npm/opentype.js@0.7.3", + "UID": "94217f837d056d4f" + }, + "Version": "0.7.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/opentype.js/package.json" + }, + { + "ID": "os-homedir@1.0.2", + "Name": "os-homedir", + "Identifier": { + "PURL": "pkg:npm/os-homedir@1.0.2", + "UID": "2226f2f961c7d62f" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/os-homedir/package.json" + }, + { + "ID": "os-tmpdir@1.0.2", + "Name": "os-tmpdir", + "Identifier": { + "PURL": "pkg:npm/os-tmpdir@1.0.2", + "UID": "5f2f989827455c4a" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/os-tmpdir/package.json" + }, + { + "ID": "osenv@0.1.5", + "Name": "osenv", + "Identifier": { + "PURL": "pkg:npm/osenv@0.1.5", + "UID": "f7ac623affb88499" + }, + "Version": "0.1.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/osenv/package.json" + }, + { + "ID": "otplib@12.0.1", + "Name": "otplib", + "Identifier": { + "PURL": "pkg:npm/otplib@12.0.1", + "UID": "70193af58b5212c1" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/otplib/package.json" + }, + { + "ID": "p-cancelable@0.4.1", + "Name": "p-cancelable", + "Identifier": { + "PURL": "pkg:npm/p-cancelable@0.4.1", + "UID": "6c465980756bc6a2" + }, + "Version": "0.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-cancelable/package.json" + }, + { + "ID": "p-event@2.3.1", + "Name": "p-event", + "Identifier": { + "PURL": "pkg:npm/p-event@2.3.1", + "UID": "4d10da2d5ca5dca3" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-event/package.json" + }, + { + "ID": "p-finally@1.0.0", + "Name": "p-finally", + "Identifier": { + "PURL": "pkg:npm/p-finally@1.0.0", + "UID": "60066f04312365f4" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-finally/package.json" + }, + { + "ID": "p-is-promise@1.1.0", + "Name": "p-is-promise", + "Identifier": { + "PURL": "pkg:npm/p-is-promise@1.1.0", + "UID": "2f0bee7d4e812322" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-is-promise/package.json" + }, + { + "ID": "p-limit@2.3.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@2.3.0", + "UID": "c1362e116316a123" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/p-limit/package.json" + }, + { + "ID": "p-locate@4.1.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@4.1.0", + "UID": "bd69e65b12821ffa" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/p-locate/package.json" + }, + { + "ID": "p-map@4.0.0", + "Name": "p-map", + "Identifier": { + "PURL": "pkg:npm/p-map@4.0.0", + "UID": "c6ab59c1b5ecfe5e" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-map/package.json" + }, + { + "ID": "p-map@7.0.3", + "Name": "p-map", + "Identifier": { + "PURL": "pkg:npm/p-map@7.0.3", + "UID": "41389538ef1d95bc" + }, + "Version": "7.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/cacache/node_modules/p-map/package.json" + }, + { + "ID": "p-timeout@2.0.1", + "Name": "p-timeout", + "Identifier": { + "PURL": "pkg:npm/p-timeout@2.0.1", + "UID": "25465a37c6b22aa1" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-timeout/package.json" + }, + { + "ID": "p-try@2.2.0", + "Name": "p-try", + "Identifier": { + "PURL": "pkg:npm/p-try@2.2.0", + "UID": "fff9a89c67d949c4" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/p-try/package.json" + }, + { + "ID": "package-json-from-dist@1.0.1", + "Name": "package-json-from-dist", + "Identifier": { + "PURL": "pkg:npm/package-json-from-dist@1.0.1", + "UID": "f910d2f1d1a8d823" + }, + "Version": "1.0.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/package-json-from-dist/package.json" + }, + { + "ID": "pako@0.2.9", + "Name": "pako", + "Identifier": { + "PURL": "pkg:npm/pako@0.2.9", + "UID": "51cb63e22a388f81" + }, + "Version": "0.2.9", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pako/package.json" + }, + { + "ID": "parse-filepath@1.0.2", + "Name": "parse-filepath", + "Identifier": { + "PURL": "pkg:npm/parse-filepath@1.0.2", + "UID": "3018a7bb21b0fe4" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/parse-filepath/package.json" + }, + { + "ID": "parse-passwd@1.0.0", + "Name": "parse-passwd", + "Identifier": { + "PURL": "pkg:npm/parse-passwd@1.0.0", + "UID": "d660ea554f619b40" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/parse-passwd/package.json" + }, + { + "ID": "parseurl@1.3.3", + "Name": "parseurl", + "Identifier": { + "PURL": "pkg:npm/parseurl@1.3.3", + "UID": "21368337df21a0c9" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/parseurl/package.json" + }, + { + "ID": "pascalcase@0.1.1", + "Name": "pascalcase", + "Identifier": { + "PURL": "pkg:npm/pascalcase@0.1.1", + "UID": "892eca3db332798f" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pascalcase/package.json" + }, + { + "ID": "path-exists@4.0.0", + "Name": "path-exists", + "Identifier": { + "PURL": "pkg:npm/path-exists@4.0.0", + "UID": "6bc7ee168274aad6" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-exists/package.json" + }, + { + "ID": "path-is-absolute@1.0.1", + "Name": "path-is-absolute", + "Identifier": { + "PURL": "pkg:npm/path-is-absolute@1.0.1", + "UID": "73519eafa2afa264" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-is-absolute/package.json" + }, + { + "ID": "path-key@3.1.1", + "Name": "path-key", + "Identifier": { + "PURL": "pkg:npm/path-key@3.1.1", + "UID": "5564207e75273e83" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-key/package.json" + }, + { + "ID": "path-parse@1.0.7", + "Name": "path-parse", + "Identifier": { + "PURL": "pkg:npm/path-parse@1.0.7", + "UID": "284dfa3998114d17" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-parse/package.json" + }, + { + "ID": "path-root@0.1.1", + "Name": "path-root", + "Identifier": { + "PURL": "pkg:npm/path-root@0.1.1", + "UID": "1811e04184dad1d8" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-root/package.json" + }, + { + "ID": "path-root-regex@0.1.2", + "Name": "path-root-regex", + "Identifier": { + "PURL": "pkg:npm/path-root-regex@0.1.2", + "UID": "bed896ed412eef2" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-root-regex/package.json" + }, + { + "ID": "path-scurry@1.11.1", + "Name": "path-scurry", + "Identifier": { + "PURL": "pkg:npm/path-scurry@1.11.1", + "UID": "4e0d0a6628c09584" + }, + "Version": "1.11.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-scurry/package.json" + }, + { + "ID": "path-to-regexp@0.1.12", + "Name": "path-to-regexp", + "Identifier": { + "PURL": "pkg:npm/path-to-regexp@0.1.12", + "UID": "f17aec566f2ca4a6" + }, + "Version": "0.1.12", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/path-to-regexp/package.json" + }, + { + "ID": "pdfkit@0.11.0", + "Name": "pdfkit", + "Identifier": { + "PURL": "pkg:npm/pdfkit@0.11.0", + "UID": "74a84dd18bef445d" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pdfkit/package.json" + }, + { + "ID": "peek-readable@4.1.0", + "Name": "peek-readable", + "Identifier": { + "PURL": "pkg:npm/peek-readable@4.1.0", + "UID": "18ca947ed7704690" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/peek-readable/package.json" + }, + { + "ID": "pend@1.2.0", + "Name": "pend", + "Identifier": { + "PURL": "pkg:npm/pend@1.2.0", + "UID": "102c0e8a9b4ed067" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pend/package.json" + }, + { + "ID": "pg-connection-string@2.9.1", + "Name": "pg-connection-string", + "Identifier": { + "PURL": "pkg:npm/pg-connection-string@2.9.1", + "UID": "4fac578817f0e99c" + }, + "Version": "2.9.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pg-connection-string/package.json" + }, + { + "ID": "picomatch@2.3.1", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "19118b974a97ea63" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/picomatch/package.json" + }, + { + "ID": "picomatch@4.0.3", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "d2d8b105476ccfcf" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tinyglobby/node_modules/picomatch/package.json" + }, + { + "ID": "pify@2.3.0", + "Name": "pify", + "Identifier": { + "PURL": "pkg:npm/pify@2.3.0", + "UID": "21b5c4d4b9c2054e" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress-unzip/node_modules/pify/package.json" + }, + { + "ID": "pify@2.3.0", + "Name": "pify", + "Identifier": { + "PURL": "pkg:npm/pify@2.3.0", + "UID": "c7753a0f0e95af4f" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress/node_modules/pify/package.json" + }, + { + "ID": "pify@3.0.0", + "Name": "pify", + "Identifier": { + "PURL": "pkg:npm/pify@3.0.0", + "UID": "2ce552ae423fbb76" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/decompress/node_modules/make-dir/node_modules/pify/package.json" + }, + { + "ID": "pify@3.0.0", + "Name": "pify", + "Identifier": { + "PURL": "pkg:npm/pify@3.0.0", + "UID": "8e64729d933611be" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/got/node_modules/pify/package.json" + }, + { + "ID": "pify@4.0.1", + "Name": "pify", + "Identifier": { + "PURL": "pkg:npm/pify@4.0.1", + "UID": "ba694aa1475c9a93" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pify/package.json" + }, + { + "ID": "pinkie@2.0.4", + "Name": "pinkie", + "Identifier": { + "PURL": "pkg:npm/pinkie@2.0.4", + "UID": "bd7e4249601e56f9" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pinkie/package.json" + }, + { + "ID": "pinkie-promise@2.0.1", + "Name": "pinkie-promise", + "Identifier": { + "PURL": "pkg:npm/pinkie-promise@2.0.1", + "UID": "bfe9b41386ac5413" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pinkie-promise/package.json" + }, + { + "ID": "png-js@1.0.0", + "Name": "png-js", + "Identifier": { + "PURL": "pkg:npm/png-js@1.0.0", + "UID": "925e10c7af67ab52" + }, + "Version": "1.0.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/png-js/package.json" + }, + { + "ID": "portscanner@2.2.0", + "Name": "portscanner", + "Identifier": { + "PURL": "pkg:npm/portscanner@2.2.0", + "UID": "980774104171a866" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/portscanner/package.json" + }, + { + "ID": "posix-character-classes@0.1.1", + "Name": "posix-character-classes", + "Identifier": { + "PURL": "pkg:npm/posix-character-classes@0.1.1", + "UID": "273eb2a205b54771" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/posix-character-classes/package.json" + }, + { + "ID": "possible-typed-array-names@1.1.0", + "Name": "possible-typed-array-names", + "Identifier": { + "PURL": "pkg:npm/possible-typed-array-names@1.1.0", + "UID": "803af0e208905c12" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/possible-typed-array-names/package.json" + }, + { + "ID": "prebuild-install@5.3.6", + "Name": "prebuild-install", + "Identifier": { + "PURL": "pkg:npm/prebuild-install@5.3.6", + "UID": "e0193a615d0aa0c3" + }, + "Version": "5.3.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/prebuild-install/package.json" + }, + { + "ID": "prebuild-install@7.1.3", + "Name": "prebuild-install", + "Identifier": { + "PURL": "pkg:npm/prebuild-install@7.1.3", + "UID": "6499c82509e86ee" + }, + "Version": "7.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/prebuild-install/package.json" + }, + { + "ID": "prebuild-install@7.1.3", + "Name": "prebuild-install", + "Identifier": { + "PURL": "pkg:npm/prebuild-install@7.1.3", + "UID": "41b505811832689f" + }, + "Version": "7.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/prebuild-install/package.json" + }, + { + "ID": "prepend-http@2.0.0", + "Name": "prepend-http", + "Identifier": { + "PURL": "pkg:npm/prepend-http@2.0.0", + "UID": "a4aa0af0b73f92f6" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/prepend-http/package.json" + }, + { + "ID": "pretty-bytes@4.0.2", + "Name": "pretty-bytes", + "Identifier": { + "PURL": "pkg:npm/pretty-bytes@4.0.2", + "UID": "224974bd5bb7b967" + }, + "Version": "4.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/node_modules/pretty-bytes/package.json" + }, + { + "ID": "proc-log@5.0.0", + "Name": "proc-log", + "Identifier": { + "PURL": "pkg:npm/proc-log@5.0.0", + "UID": "ea7fd74cb72e1159" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/proc-log/package.json" + }, + { + "ID": "process@0.11.10", + "Name": "process", + "Identifier": { + "PURL": "pkg:npm/process@0.11.10", + "UID": "8d08917aecf3a8b0" + }, + "Version": "0.11.10", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/process/package.json" + }, + { + "ID": "process-nextick-args@2.0.1", + "Name": "process-nextick-args", + "Identifier": { + "PURL": "pkg:npm/process-nextick-args@2.0.1", + "UID": "ed362f5391dca498" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/process-nextick-args/package.json" + }, + { + "ID": "prom-client@14.2.0", + "Name": "prom-client", + "Identifier": { + "PURL": "pkg:npm/prom-client@14.2.0", + "UID": "c21487cd13f38999" + }, + "Version": "14.2.0", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/prom-client/package.json" + }, + { + "ID": "promise@7.3.1", + "Name": "promise", + "Identifier": { + "PURL": "pkg:npm/promise@7.3.1", + "UID": "b30b8c842490dc6" + }, + "Version": "7.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/promise/package.json" + }, + { + "ID": "promise-inflight@1.0.1", + "Name": "promise-inflight", + "Identifier": { + "PURL": "pkg:npm/promise-inflight@1.0.1", + "UID": "ee158eb958842072" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/promise-inflight/package.json" + }, + { + "ID": "promise-retry@2.0.1", + "Name": "promise-retry", + "Identifier": { + "PURL": "pkg:npm/promise-retry@2.0.1", + "UID": "1c5e6908ca587a25" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/promise-retry/package.json" + }, + { + "ID": "proper-lockfile@1.2.0", + "Name": "proper-lockfile", + "Identifier": { + "PURL": "pkg:npm/proper-lockfile@1.2.0", + "UID": "e363eb6f45e60a2d" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/proper-lockfile/package.json" + }, + { + "ID": "proxy-addr@2.0.7", + "Name": "proxy-addr", + "Identifier": { + "PURL": "pkg:npm/proxy-addr@2.0.7", + "UID": "ef9beb6b3258ff25" + }, + "Version": "2.0.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/proxy-addr/package.json" + }, + { + "ID": "pug@3.0.3", + "Name": "pug", + "Identifier": { + "PURL": "pkg:npm/pug@3.0.3", + "UID": "c7f929093ff3d4fa" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug/package.json" + }, + { + "ID": "pug-attrs@3.0.0", + "Name": "pug-attrs", + "Identifier": { + "PURL": "pkg:npm/pug-attrs@3.0.0", + "UID": "c1a88540de079b8f" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-attrs/package.json" + }, + { + "ID": "pug-code-gen@3.0.3", + "Name": "pug-code-gen", + "Identifier": { + "PURL": "pkg:npm/pug-code-gen@3.0.3", + "UID": "75e6e888511eabae" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-code-gen/package.json" + }, + { + "ID": "pug-error@2.1.0", + "Name": "pug-error", + "Identifier": { + "PURL": "pkg:npm/pug-error@2.1.0", + "UID": "5926e24aceb00915" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-error/package.json" + }, + { + "ID": "pug-filters@4.0.0", + "Name": "pug-filters", + "Identifier": { + "PURL": "pkg:npm/pug-filters@4.0.0", + "UID": "7129fe199c5a6f36" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-filters/package.json" + }, + { + "ID": "pug-lexer@5.0.1", + "Name": "pug-lexer", + "Identifier": { + "PURL": "pkg:npm/pug-lexer@5.0.1", + "UID": "b9529e68b01c6dd5" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-lexer/package.json" + }, + { + "ID": "pug-linker@4.0.0", + "Name": "pug-linker", + "Identifier": { + "PURL": "pkg:npm/pug-linker@4.0.0", + "UID": "264a21834238a8b5" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-linker/package.json" + }, + { + "ID": "pug-load@3.0.0", + "Name": "pug-load", + "Identifier": { + "PURL": "pkg:npm/pug-load@3.0.0", + "UID": "48cc07dcfadf430e" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-load/package.json" + }, + { + "ID": "pug-parser@6.0.0", + "Name": "pug-parser", + "Identifier": { + "PURL": "pkg:npm/pug-parser@6.0.0", + "UID": "662dae74e8a1117c" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-parser/package.json" + }, + { + "ID": "pug-runtime@3.0.1", + "Name": "pug-runtime", + "Identifier": { + "PURL": "pkg:npm/pug-runtime@3.0.1", + "UID": "d5c24364e0f25c4a" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-runtime/package.json" + }, + { + "ID": "pug-strip-comments@2.0.0", + "Name": "pug-strip-comments", + "Identifier": { + "PURL": "pkg:npm/pug-strip-comments@2.0.0", + "UID": "14f862d589c118db" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-strip-comments/package.json" + }, + { + "ID": "pug-walk@2.0.0", + "Name": "pug-walk", + "Identifier": { + "PURL": "pkg:npm/pug-walk@2.0.0", + "UID": "f52eb3a847cc0508" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pug-walk/package.json" + }, + { + "ID": "pump@3.0.3", + "Name": "pump", + "Identifier": { + "PURL": "pkg:npm/pump@3.0.3", + "UID": "d28be94cd5de2679" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/pump/package.json" + }, + { + "ID": "qs@6.13.0", + "Name": "qs", + "Identifier": { + "PURL": "pkg:npm/qs@6.13.0", + "UID": "ad7af58da0313f22" + }, + "Version": "6.13.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/qs/package.json" + }, + { + "ID": "query-string@5.1.1", + "Name": "query-string", + "Identifier": { + "PURL": "pkg:npm/query-string@5.1.1", + "UID": "e53c08be5142b852" + }, + "Version": "5.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/query-string/package.json" + }, + { + "ID": "range-parser@1.2.1", + "Name": "range-parser", + "Identifier": { + "PURL": "pkg:npm/range-parser@1.2.1", + "UID": "bb66807a2ce0972" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/range-parser/package.json" + }, + { + "ID": "range_check@2.0.4", + "Name": "range_check", + "Identifier": { + "PURL": "pkg:npm/range_check@2.0.4", + "UID": "f09e5cc8f8b2d22c" + }, + "Version": "2.0.4", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/range_check/package.json" + }, + { + "ID": "raw-body@2.5.2", + "Name": "raw-body", + "Identifier": { + "PURL": "pkg:npm/raw-body@2.5.2", + "UID": "c81d32ef47d24838" + }, + "Version": "2.5.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/raw-body/package.json" + }, + { + "ID": "rc@1.2.8", + "Name": "rc", + "Identifier": { + "PURL": "pkg:npm/rc@1.2.8", + "UID": "9250ecaed3b06463" + }, + "Version": "1.2.8", + "Licenses": [ + "(BSD-2-Clause OR MIT OR Apache-2.0)" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rc/package.json" + }, + { + "ID": "readable-stream@1.0.34", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@1.0.34", + "UID": "e53145298cdb7a90" + }, + "Version": "1.0.34", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-stream@2.3.8", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@2.3.8", + "UID": "d1636675c8efb405" + }, + "Version": "2.3.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "914d8e250826cb33" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "d4c76f07e4284054" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar-fs/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "3fd8905b29ec7c7f" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/winston-transport/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "843e73bd2254b9df" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/winston/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-stream@4.7.0", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@4.7.0", + "UID": "94a86ab8c1967233" + }, + "Version": "4.7.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-web-to-node-stream/node_modules/readable-stream/package.json" + }, + { + "ID": "readable-web-to-node-stream@3.0.4", + "Name": "readable-web-to-node-stream", + "Identifier": { + "PURL": "pkg:npm/readable-web-to-node-stream@3.0.4", + "UID": "661e59674fb433cb" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-web-to-node-stream/package.json" + }, + { + "ID": "readdirp@3.5.0", + "Name": "readdirp", + "Identifier": { + "PURL": "pkg:npm/readdirp@3.5.0", + "UID": "40614d410d567925" + }, + "Version": "3.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readdirp/package.json" + }, + { + "ID": "rechoir@0.7.1", + "Name": "rechoir", + "Identifier": { + "PURL": "pkg:npm/rechoir@0.7.1", + "UID": "2edfe6849f904f4f" + }, + "Version": "0.7.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rechoir/package.json" + }, + { + "ID": "recursedir-comparisons@0.0.0", + "Name": "recursedir-comparisons", + "Identifier": { + "PURL": "pkg:npm/recursedir-comparisons@0.0.0", + "UID": "a7e5e0f2db826927" + }, + "Version": "0.0.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/walkdir/test/comparison/package.json" + }, + { + "ID": "regex-not@1.0.2", + "Name": "regex-not", + "Identifier": { + "PURL": "pkg:npm/regex-not@1.0.2", + "UID": "4a08a557c337e47c" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/regex-not/package.json" + }, + { + "ID": "regexp.prototype.flags@1.5.4", + "Name": "regexp.prototype.flags", + "Identifier": { + "PURL": "pkg:npm/regexp.prototype.flags@1.5.4", + "UID": "2aaba39aef505c61" + }, + "Version": "1.5.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/regexp.prototype.flags/package.json" + }, + { + "ID": "remove-trailing-separator@1.1.0", + "Name": "remove-trailing-separator", + "Identifier": { + "PURL": "pkg:npm/remove-trailing-separator@1.1.0", + "UID": "da5e09e0afbbeece" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/remove-trailing-separator/package.json" + }, + { + "ID": "repeat-element@1.1.4", + "Name": "repeat-element", + "Identifier": { + "PURL": "pkg:npm/repeat-element@1.1.4", + "UID": "9a5a929f5feba798" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/repeat-element/package.json" + }, + { + "ID": "repeat-string@1.6.1", + "Name": "repeat-string", + "Identifier": { + "PURL": "pkg:npm/repeat-string@1.6.1", + "UID": "7bf15edb8e134af1" + }, + "Version": "1.6.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/repeat-string/package.json" + }, + { + "ID": "replace@1.2.2", + "Name": "replace", + "Identifier": { + "PURL": "pkg:npm/replace@1.2.2", + "UID": "90ed464a2571d504" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/package.json" + }, + { + "ID": "require-directory@2.1.1", + "Name": "require-directory", + "Identifier": { + "PURL": "pkg:npm/require-directory@2.1.1", + "UID": "9537c8a8bd3a27cc" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/require-directory/package.json" + }, + { + "ID": "require-main-filename@2.0.0", + "Name": "require-main-filename", + "Identifier": { + "PURL": "pkg:npm/require-main-filename@2.0.0", + "UID": "d853b8e2edcc91fa" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/require-main-filename/package.json" + }, + { + "ID": "resolve@1.22.10", + "Name": "resolve", + "Identifier": { + "PURL": "pkg:npm/resolve@1.22.10", + "UID": "c496aa3496e5b4b4" + }, + "Version": "1.22.10", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve/package.json" + }, + { + "ID": "resolve-dir@1.0.1", + "Name": "resolve-dir", + "Identifier": { + "PURL": "pkg:npm/resolve-dir@1.0.1", + "UID": "6731a7d539cd52da" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve-dir/package.json" + }, + { + "ID": "resolve-url@0.2.1", + "Name": "resolve-url", + "Identifier": { + "PURL": "pkg:npm/resolve-url@0.2.1", + "UID": "258a2f424e98f304" + }, + "Version": "0.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/resolve-url/package.json" + }, + { + "ID": "responselike@1.0.2", + "Name": "responselike", + "Identifier": { + "PURL": "pkg:npm/responselike@1.0.2", + "UID": "9e0ab21f8ccef410" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/responselike/package.json" + }, + { + "ID": "restructure@2.0.1", + "Name": "restructure", + "Identifier": { + "PURL": "pkg:npm/restructure@2.0.1", + "UID": "10931ef32ac876f2" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/restructure/package.json" + }, + { + "ID": "ret@0.1.15", + "Name": "ret", + "Identifier": { + "PURL": "pkg:npm/ret@0.1.15", + "UID": "2ff77cb181056c2e" + }, + "Version": "0.1.15", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ret/package.json" + }, + { + "ID": "retry@0.10.1", + "Name": "retry", + "Identifier": { + "PURL": "pkg:npm/retry@0.10.1", + "UID": "ced9ae8682d470ff" + }, + "Version": "0.10.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/proper-lockfile/node_modules/retry/package.json" + }, + { + "ID": "retry@0.12.0", + "Name": "retry", + "Identifier": { + "PURL": "pkg:npm/retry@0.12.0", + "UID": "774bcc0b25d1e2c3" + }, + "Version": "0.12.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/retry/package.json" + }, + { + "ID": "retry-as-promised@7.1.1", + "Name": "retry-as-promised", + "Identifier": { + "PURL": "pkg:npm/retry-as-promised@7.1.1", + "UID": "1d0a1fbd929abee4" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/retry-as-promised/package.json" + }, + { + "ID": "rimraf@2.7.1", + "Name": "rimraf", + "Identifier": { + "PURL": "pkg:npm/rimraf@2.7.1", + "UID": "a95f74cb3499786c" + }, + "Version": "2.7.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/fstream/node_modules/rimraf/package.json" + }, + { + "ID": "rimraf@2.7.1", + "Name": "rimraf", + "Identifier": { + "PURL": "pkg:npm/rimraf@2.7.1", + "UID": "4ec162aac7148d12" + }, + "Version": "2.7.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/rimraf/package.json" + }, + { + "ID": "rimraf@2.7.1", + "Name": "rimraf", + "Identifier": { + "PURL": "pkg:npm/rimraf@2.7.1", + "UID": "f20d947dc0390c50" + }, + "Version": "2.7.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/node_modules/rimraf/package.json" + }, + { + "ID": "rimraf@3.0.2", + "Name": "rimraf", + "Identifier": { + "PURL": "pkg:npm/rimraf@3.0.2", + "UID": "65e5df9c50695974" + }, + "Version": "3.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rimraf/package.json" + }, + { + "ID": "safe-buffer@5.1.2", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.1.2", + "UID": "5eb0615186796978" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/morgan/node_modules/safe-buffer/package.json" + }, + { + "ID": "safe-buffer@5.1.2", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.1.2", + "UID": "9e79f4fbd388a6fd" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-stream/node_modules/safe-buffer/package.json" + }, + { + "ID": "safe-buffer@5.1.2", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.1.2", + "UID": "12619934d4ce1b3c" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/string_decoder/node_modules/safe-buffer/package.json" + }, + { + "ID": "safe-buffer@5.2.1", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.2.1", + "UID": "c22eb16f92305f51" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/safe-buffer/package.json" + }, + { + "ID": "safe-regex@1.1.0", + "Name": "safe-regex", + "Identifier": { + "PURL": "pkg:npm/safe-regex@1.1.0", + "UID": "ee0c0d11974c0baa" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/safe-regex/package.json" + }, + { + "ID": "safe-regex-test@1.1.0", + "Name": "safe-regex-test", + "Identifier": { + "PURL": "pkg:npm/safe-regex-test@1.1.0", + "UID": "bde55d098977089c" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/safe-regex-test/package.json" + }, + { + "ID": "safe-stable-stringify@2.5.0", + "Name": "safe-stable-stringify", + "Identifier": { + "PURL": "pkg:npm/safe-stable-stringify@2.5.0", + "UID": "fe0e584efdc0c592" + }, + "Version": "2.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/safe-stable-stringify/package.json" + }, + { + "ID": "safer-buffer@2.1.2", + "Name": "safer-buffer", + "Identifier": { + "PURL": "pkg:npm/safer-buffer@2.1.2", + "UID": "357b3b14417d1490" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/safer-buffer/package.json" + }, + { + "ID": "samsam@1.1.2", + "Name": "samsam", + "Identifier": { + "PURL": "pkg:npm/samsam@1.1.2", + "UID": "f2dd7aa7a54f252" + }, + "Version": "1.1.2", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/samsam/package.json" + }, + { + "ID": "sanitize-filename@1.6.3", + "Name": "sanitize-filename", + "Identifier": { + "PURL": "pkg:npm/sanitize-filename@1.6.3", + "UID": "860280c62f665929" + }, + "Version": "1.6.3", + "Licenses": [ + "WTFPL OR ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-filename/package.json" + }, + { + "ID": "sanitize-html@1.4.2", + "Name": "sanitize-html", + "Identifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/package.json" + }, + { + "ID": "sax@1.4.1", + "Name": "sax", + "Identifier": { + "PURL": "pkg:npm/sax@1.4.1", + "UID": "5a16ca034d8adb8b" + }, + "Version": "1.4.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sax/package.json" + }, + { + "ID": "seek-bzip@1.0.6", + "Name": "seek-bzip", + "Identifier": { + "PURL": "pkg:npm/seek-bzip@1.0.6", + "UID": "f056225f3ef009ce" + }, + "Version": "1.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/seek-bzip/package.json" + }, + { + "ID": "semver@5.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@5.7.2", + "UID": "5941ca671f8b2778" + }, + "Version": "5.7.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/check-dependencies/node_modules/semver/package.json" + }, + { + "ID": "semver@5.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@5.7.2", + "UID": "c6b9c76e0bb6a166" + }, + "Version": "5.7.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/make-dir/node_modules/semver/package.json" + }, + { + "ID": "semver@5.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@5.7.2", + "UID": "a552dca693d617d8" + }, + "Version": "5.7.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-abi/node_modules/semver/package.json" + }, + { + "ID": "semver@5.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@5.7.2", + "UID": "3c8a693e8a4e24b1" + }, + "Version": "5.7.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/semver/package.json" + }, + { + "ID": "semver@7.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@7.7.2", + "UID": "8379a858861f204a" + }, + "Version": "7.7.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/semver/package.json" + }, + { + "ID": "send@0.19.0", + "Name": "send", + "Identifier": { + "PURL": "pkg:npm/send@0.19.0", + "UID": "a7bc0011c8b1420a" + }, + "Version": "0.19.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/send/package.json" + }, + { + "ID": "sequelize@6.37.7", + "Name": "sequelize", + "Identifier": { + "PURL": "pkg:npm/sequelize@6.37.7", + "UID": "1d0bba16eed5aae9" + }, + "Version": "6.37.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sequelize/package.json" + }, + { + "ID": "sequelize-pool@7.1.0", + "Name": "sequelize-pool", + "Identifier": { + "PURL": "pkg:npm/sequelize-pool@7.1.0", + "UID": "99293f6e79ea8c95" + }, + "Version": "7.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sequelize-pool/package.json" + }, + { + "ID": "serve-index@1.9.1", + "Name": "serve-index", + "Identifier": { + "PURL": "pkg:npm/serve-index@1.9.1", + "UID": "3849e63c967ac887" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/package.json" + }, + { + "ID": "serve-static@1.16.2", + "Name": "serve-static", + "Identifier": { + "PURL": "pkg:npm/serve-static@1.16.2", + "UID": "4f1818c683f2782c" + }, + "Version": "1.16.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-static/package.json" + }, + { + "ID": "set-blocking@2.0.0", + "Name": "set-blocking", + "Identifier": { + "PURL": "pkg:npm/set-blocking@2.0.0", + "UID": "ee42f1f98480c2b6" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/set-blocking/package.json" + }, + { + "ID": "set-function-length@1.2.2", + "Name": "set-function-length", + "Identifier": { + "PURL": "pkg:npm/set-function-length@1.2.2", + "UID": "8f925b54a0b0204f" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/set-function-length/package.json" + }, + { + "ID": "set-function-name@2.0.2", + "Name": "set-function-name", + "Identifier": { + "PURL": "pkg:npm/set-function-name@2.0.2", + "UID": "2706352b37634630" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/set-function-name/package.json" + }, + { + "ID": "set-value@2.0.1", + "Name": "set-value", + "Identifier": { + "PURL": "pkg:npm/set-value@2.0.1", + "UID": "7fece0d35b92dfad" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/set-value/package.json" + }, + { + "ID": "setimmediate@1.0.5", + "Name": "setimmediate", + "Identifier": { + "PURL": "pkg:npm/setimmediate@1.0.5", + "UID": "dd4d91c420309f21" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/setimmediate/package.json" + }, + { + "ID": "setprototypeof@1.1.0", + "Name": "setprototypeof", + "Identifier": { + "PURL": "pkg:npm/setprototypeof@1.1.0", + "UID": "6babdd4887bd569a" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/setprototypeof/package.json" + }, + { + "ID": "setprototypeof@1.2.0", + "Name": "setprototypeof", + "Identifier": { + "PURL": "pkg:npm/setprototypeof@1.2.0", + "UID": "dc950d54b26ae35a" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/setprototypeof/package.json" + }, + { + "ID": "shebang-command@2.0.0", + "Name": "shebang-command", + "Identifier": { + "PURL": "pkg:npm/shebang-command@2.0.0", + "UID": "6f366632e07f7af7" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/shebang-command/package.json" + }, + { + "ID": "shebang-regex@3.0.0", + "Name": "shebang-regex", + "Identifier": { + "PURL": "pkg:npm/shebang-regex@3.0.0", + "UID": "b86e93395695797a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/shebang-regex/package.json" + }, + { + "ID": "side-channel@1.1.0", + "Name": "side-channel", + "Identifier": { + "PURL": "pkg:npm/side-channel@1.1.0", + "UID": "21578fb7e04b9c54" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/side-channel/package.json" + }, + { + "ID": "side-channel-list@1.0.0", + "Name": "side-channel-list", + "Identifier": { + "PURL": "pkg:npm/side-channel-list@1.0.0", + "UID": "27aed1c2fd299531" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/side-channel-list/package.json" + }, + { + "ID": "side-channel-map@1.0.1", + "Name": "side-channel-map", + "Identifier": { + "PURL": "pkg:npm/side-channel-map@1.0.1", + "UID": "5e41d9b6a8752ccc" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/side-channel-map/package.json" + }, + { + "ID": "side-channel-weakmap@1.0.2", + "Name": "side-channel-weakmap", + "Identifier": { + "PURL": "pkg:npm/side-channel-weakmap@1.0.2", + "UID": "9968728c52c6881" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/side-channel-weakmap/package.json" + }, + { + "ID": "signal-exit@3.0.7", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@3.0.7", + "UID": "28feb296c05f2d51" + }, + "Version": "3.0.7", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/signal-exit/package.json" + }, + { + "ID": "signal-exit@4.1.0", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@4.1.0", + "UID": "c0d690c811293f7a" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/foreground-child/node_modules/signal-exit/package.json" + }, + { + "ID": "simple-concat@1.0.1", + "Name": "simple-concat", + "Identifier": { + "PURL": "pkg:npm/simple-concat@1.0.1", + "UID": "5131d7b1adad4432" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/simple-concat/package.json" + }, + { + "ID": "simple-get@3.1.1", + "Name": "simple-get", + "Identifier": { + "PURL": "pkg:npm/simple-get@3.1.1", + "UID": "7d0f860aafb5f9ea" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/simple-get/package.json" + }, + { + "ID": "simple-get@4.0.1", + "Name": "simple-get", + "Identifier": { + "PURL": "pkg:npm/simple-get@4.0.1", + "UID": "2a9d22dd160f2ae1" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/libxmljs2/node_modules/simple-get/package.json" + }, + { + "ID": "simple-get@4.0.1", + "Name": "simple-get", + "Identifier": { + "PURL": "pkg:npm/simple-get@4.0.1", + "UID": "c5e213686423cf53" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/simple-get/package.json" + }, + { + "ID": "simple-swizzle@0.2.2", + "Name": "simple-swizzle", + "Identifier": { + "PURL": "pkg:npm/simple-swizzle@0.2.2", + "UID": "a4c5d082f6ffcf44" + }, + "Version": "0.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/simple-swizzle/package.json" + }, + { + "ID": "sinon@1.17.7", + "Name": "sinon", + "Identifier": { + "PURL": "pkg:npm/sinon@1.17.7", + "UID": "b1346093041fe5f1" + }, + "Version": "1.17.7", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/filesniffer/node_modules/sinon/package.json" + }, + { + "ID": "smart-buffer@4.2.0", + "Name": "smart-buffer", + "Identifier": { + "PURL": "pkg:npm/smart-buffer@4.2.0", + "UID": "38f42608a6cfee44" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/smart-buffer/package.json" + }, + { + "ID": "snapdragon@0.8.2", + "Name": "snapdragon", + "Identifier": { + "PURL": "pkg:npm/snapdragon@0.8.2", + "UID": "c1ee2368ade6b78b" + }, + "Version": "0.8.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/package.json" + }, + { + "ID": "snapdragon-node@2.1.1", + "Name": "snapdragon-node", + "Identifier": { + "PURL": "pkg:npm/snapdragon-node@2.1.1", + "UID": "ec021dd6109e046d" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon-node/package.json" + }, + { + "ID": "snapdragon-util@3.0.1", + "Name": "snapdragon-util", + "Identifier": { + "PURL": "pkg:npm/snapdragon-util@3.0.1", + "UID": "dbe2cdbe3ee20c2e" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon-util/package.json" + }, + { + "ID": "socket.io@3.1.2", + "Name": "socket.io", + "Identifier": { + "PURL": "pkg:npm/socket.io@3.1.2", + "UID": "2cfa07ffcdb1bf43" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/socket.io/package.json" + }, + { + "ID": "socket.io-adapter@2.1.0", + "Name": "socket.io-adapter", + "Identifier": { + "PURL": "pkg:npm/socket.io-adapter@2.1.0", + "UID": "c0046b8d0c9f35e3" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/socket.io-adapter/package.json" + }, + { + "ID": "socket.io-parser@4.0.5", + "Name": "socket.io-parser", + "Identifier": { + "PURL": "pkg:npm/socket.io-parser@4.0.5", + "UID": "a5c96fae75095a78" + }, + "Version": "4.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/socket.io-parser/package.json" + }, + { + "ID": "socks@2.8.7", + "Name": "socks", + "Identifier": { + "PURL": "pkg:npm/socks@2.8.7", + "UID": "f9b7b59661bad56a" + }, + "Version": "2.8.7", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/socks/package.json" + }, + { + "ID": "socks-proxy-agent@6.2.1", + "Name": "socks-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/socks-proxy-agent@6.2.1", + "UID": "957006cdcc27cb7f" + }, + "Version": "6.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/socks-proxy-agent/package.json" + }, + { + "ID": "socks-proxy-agent@8.0.5", + "Name": "socks-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/socks-proxy-agent@8.0.5", + "UID": "9d5774d6719a8693" + }, + "Version": "8.0.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/socks-proxy-agent/package.json" + }, + { + "ID": "sort-keys@1.1.2", + "Name": "sort-keys", + "Identifier": { + "PURL": "pkg:npm/sort-keys@1.1.2", + "UID": "37d71a94afa82106" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sort-keys-length/node_modules/sort-keys/package.json" + }, + { + "ID": "sort-keys@2.0.0", + "Name": "sort-keys", + "Identifier": { + "PURL": "pkg:npm/sort-keys@2.0.0", + "UID": "58ac4052d9ce522e" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sort-keys/package.json" + }, + { + "ID": "sort-keys-length@1.0.1", + "Name": "sort-keys-length", + "Identifier": { + "PURL": "pkg:npm/sort-keys-length@1.0.1", + "UID": "c862b28ade8ceb4c" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sort-keys-length/package.json" + }, + { + "ID": "source-map@0.5.7", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.5.7", + "UID": "131b9eba70e14992" + }, + "Version": "0.5.7", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/snapdragon/node_modules/source-map/package.json" + }, + { + "ID": "source-map@0.6.1", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.6.1", + "UID": "4aafa2cb3589394b" + }, + "Version": "0.6.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/source-map/package.json" + }, + { + "ID": "source-map-resolve@0.5.3", + "Name": "source-map-resolve", + "Identifier": { + "PURL": "pkg:npm/source-map-resolve@0.5.3", + "UID": "25926d4046adbbeb" + }, + "Version": "0.5.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/source-map-resolve/package.json" + }, + { + "ID": "source-map-support@0.5.21", + "Name": "source-map-support", + "Identifier": { + "PURL": "pkg:npm/source-map-support@0.5.21", + "UID": "95218a011a4c19fa" + }, + "Version": "0.5.21", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/source-map-support/package.json" + }, + { + "ID": "source-map-url@0.4.1", + "Name": "source-map-url", + "Identifier": { + "PURL": "pkg:npm/source-map-url@0.4.1", + "UID": "b1cefa27a7252a18" + }, + "Version": "0.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/source-map-url/package.json" + }, + { + "ID": "split-string@3.1.0", + "Name": "split-string", + "Identifier": { + "PURL": "pkg:npm/split-string@3.1.0", + "UID": "67736477bfe7a7f0" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/split-string/package.json" + }, + { + "ID": "sprintf-js@1.0.3", + "Name": "sprintf-js", + "Identifier": { + "PURL": "pkg:npm/sprintf-js@1.0.3", + "UID": "1d70a05588ba47cc" + }, + "Version": "1.0.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/argparse/node_modules/sprintf-js/package.json" + }, + { + "ID": "sprintf-js@1.1.3", + "Name": "sprintf-js", + "Identifier": { + "PURL": "pkg:npm/sprintf-js@1.1.3", + "UID": "f3ea9d76ae551de9" + }, + "Version": "1.1.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sprintf-js/package.json" + }, + { + "ID": "sqlite3@5.1.7", + "Name": "sqlite3", + "Identifier": { + "PURL": "pkg:npm/sqlite3@5.1.7", + "UID": "29e57331060e709a" + }, + "Version": "5.1.7", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/package.json" + }, + { + "ID": "ssri@12.0.0", + "Name": "ssri", + "Identifier": { + "PURL": "pkg:npm/ssri@12.0.0", + "UID": "294408ea780a445c" + }, + "Version": "12.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ssri/package.json" + }, + { + "ID": "ssri@8.0.1", + "Name": "ssri", + "Identifier": { + "PURL": "pkg:npm/ssri@8.0.1", + "UID": "299494bb908ec1d2" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/ssri/package.json" + }, + { + "ID": "stack-trace@0.0.10", + "Name": "stack-trace", + "Identifier": { + "PURL": "pkg:npm/stack-trace@0.0.10", + "UID": "b7625d4b06df0cab" + }, + "Version": "0.0.10", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/stack-trace/package.json" + }, + { + "ID": "static-extend@0.1.2", + "Name": "static-extend", + "Identifier": { + "PURL": "pkg:npm/static-extend@0.1.2", + "UID": "9deaa414b401bfaa" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/static-extend/package.json" + }, + { + "ID": "statuses@1.5.0", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@1.5.0", + "UID": "1ad473710be6e96" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/serve-index/node_modules/statuses/package.json" + }, + { + "ID": "statuses@2.0.1", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@2.0.1", + "UID": "10b8a5fa51844c89" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/statuses/package.json" + }, + { + "ID": "stop-iteration-iterator@1.1.0", + "Name": "stop-iteration-iterator", + "Identifier": { + "PURL": "pkg:npm/stop-iteration-iterator@1.1.0", + "UID": "89d2bf990f7308fd" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/stop-iteration-iterator/package.json" + }, + { + "ID": "stream-buffers@2.2.0", + "Name": "stream-buffers", + "Identifier": { + "PURL": "pkg:npm/stream-buffers@2.2.0", + "UID": "197db3c62f8eda58" + }, + "Version": "2.2.0", + "Licenses": [ + "Unlicense" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/stream-buffers/package.json" + }, + { + "ID": "streamsearch@1.1.0", + "Name": "streamsearch", + "Identifier": { + "PURL": "pkg:npm/streamsearch@1.1.0", + "UID": "f64b35f6a9153040" + }, + "Version": "1.1.0", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/streamsearch/package.json" + }, + { + "ID": "strict-uri-encode@1.1.0", + "Name": "strict-uri-encode", + "Identifier": { + "PURL": "pkg:npm/strict-uri-encode@1.1.0", + "UID": "59c44c58849de6d6" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/strict-uri-encode/package.json" + }, + { + "ID": "string-width@1.0.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@1.0.2", + "UID": "1c919675ce332fc1" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/gauge/node_modules/string-width/package.json" + }, + { + "ID": "string-width@2.1.1", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@2.1.1", + "UID": "433c3cc513b78625" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wide-align/node_modules/string-width/package.json" + }, + { + "ID": "string-width@4.2.3", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@4.2.3", + "UID": "6cbac755153d458f" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/string-width-cjs/package.json" + }, + { + "ID": "string-width@4.2.3", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@4.2.3", + "UID": "d9017a92bce3d5bd" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/string-width/package.json" + }, + { + "ID": "string-width@5.1.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@5.1.2", + "UID": "9ca65ab2a42a3a9" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@isaacs/cliui/node_modules/string-width/package.json" + }, + { + "ID": "string-width@5.1.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@5.1.2", + "UID": "6db69a965792b6fa" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi/node_modules/string-width/package.json" + }, + { + "ID": "string.fromcodepoint@0.2.1", + "Name": "string.fromcodepoint", + "Identifier": { + "PURL": "pkg:npm/string.fromcodepoint@0.2.1", + "UID": "d02e0bc12615bd35" + }, + "Version": "0.2.1", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/string.fromcodepoint/package.json" + }, + { + "ID": "string.prototype.codepointat@0.2.1", + "Name": "string.prototype.codepointat", + "Identifier": { + "PURL": "pkg:npm/string.prototype.codepointat@0.2.1", + "UID": "d89aff95d3513439" + }, + "Version": "0.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/string.prototype.codepointat/package.json" + }, + { + "ID": "string_decoder@0.10.31", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@0.10.31", + "UID": "9cd282680280c707" + }, + "Version": "0.10.31", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sanitize-html/node_modules/string_decoder/package.json" + }, + { + "ID": "string_decoder@1.1.1", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.1.1", + "UID": "3fd9a8a1b2cb4ad1" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/string_decoder/package.json" + }, + { + "ID": "string_decoder@1.3.0", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.3.0", + "UID": "2ab237e1cf103dbf" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/readable-web-to-node-stream/node_modules/string_decoder/package.json" + }, + { + "ID": "strip-ansi@3.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@3.0.1", + "UID": "55f8d003342778fd" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/gauge/node_modules/strip-ansi/package.json" + }, + { + "ID": "strip-ansi@3.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@3.0.1", + "UID": "f666825877c01761" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/node_modules/strip-ansi/package.json" + }, + { + "ID": "strip-ansi@4.0.0", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@4.0.0", + "UID": "836eed9510ae16b7" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wide-align/node_modules/strip-ansi/package.json" + }, + { + "ID": "strip-ansi@6.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@6.0.1", + "UID": "dd6df3cac3ab823c" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/strip-ansi-cjs/package.json" + }, + { + "ID": "strip-ansi@6.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@6.0.1", + "UID": "8a0d36fcd30d87f4" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/strip-ansi/package.json" + }, + { + "ID": "strip-ansi@7.1.0", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@7.1.0", + "UID": "4c6d093310ae316e" + }, + "Version": "7.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json" + }, + { + "ID": "strip-ansi@7.1.0", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@7.1.0", + "UID": "d2db1bf742112e98" + }, + "Version": "7.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi/node_modules/strip-ansi/package.json" + }, + { + "ID": "strip-bom@3.0.0", + "Name": "strip-bom", + "Identifier": { + "PURL": "pkg:npm/strip-bom@3.0.0", + "UID": "8b4cb684866803a8" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tsconfig/node_modules/strip-bom/package.json" + }, + { + "ID": "strip-dirs@2.1.0", + "Name": "strip-dirs", + "Identifier": { + "PURL": "pkg:npm/strip-dirs@2.1.0", + "UID": "cb6de90dd47a83b0" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/strip-dirs/package.json" + }, + { + "ID": "strip-json-comments@2.0.1", + "Name": "strip-json-comments", + "Identifier": { + "PURL": "pkg:npm/strip-json-comments@2.0.1", + "UID": "de088dd896e4c9a8" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/rc/node_modules/strip-json-comments/package.json" + }, + { + "ID": "strip-json-comments@2.0.1", + "Name": "strip-json-comments", + "Identifier": { + "PURL": "pkg:npm/strip-json-comments@2.0.1", + "UID": "7bc372af28c27375" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tsconfig/node_modules/strip-json-comments/package.json" + }, + { + "ID": "strip-outer@1.0.1", + "Name": "strip-outer", + "Identifier": { + "PURL": "pkg:npm/strip-outer@1.0.1", + "UID": "7165041bb6e2f9be" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/strip-outer/package.json" + }, + { + "ID": "strtok3@6.3.0", + "Name": "strtok3", + "Identifier": { + "PURL": "pkg:npm/strtok3@6.3.0", + "UID": "db07704ca3709bfa" + }, + "Version": "6.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/strtok3/package.json" + }, + { + "ID": "supports-color@2.0.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@2.0.0", + "UID": "ba6c2a4105355c0f" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-contrib-compress/node_modules/supports-color/package.json" + }, + { + "ID": "supports-color@5.5.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@5.5.0", + "UID": "2b1c65f2658d5921" + }, + "Version": "5.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/supports-color/package.json" + }, + { + "ID": "supports-color@7.2.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@7.2.0", + "UID": "86171ee140e0e3d6" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt-legacy-log-utils/node_modules/supports-color/package.json" + }, + { + "ID": "supports-preserve-symlinks-flag@1.0.0", + "Name": "supports-preserve-symlinks-flag", + "Identifier": { + "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "UID": "498f16c29dca1b1a" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/supports-preserve-symlinks-flag/package.json" + }, + { + "ID": "svg-captcha@1.4.0", + "Name": "svg-captcha", + "Identifier": { + "PURL": "pkg:npm/svg-captcha@1.4.0", + "UID": "e039bfab7f64cd88" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/svg-captcha/package.json" + }, + { + "ID": "swagger-ui-dist@5.28.1", + "Name": "swagger-ui-dist", + "Identifier": { + "PURL": "pkg:npm/swagger-ui-dist@5.28.1", + "UID": "8e2842e984f78099" + }, + "Version": "5.28.1", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/swagger-ui-dist/package.json" + }, + { + "ID": "swagger-ui-express@5.0.1", + "Name": "swagger-ui-express", + "Identifier": { + "PURL": "pkg:npm/swagger-ui-express@5.0.1", + "UID": "424ae9f25adb05d7" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/swagger-ui-express/package.json" + }, + { + "ID": "tar@4.4.19", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@4.4.19", + "UID": "b2f700056d98ebcd" + }, + "Version": "4.4.19", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-pre-gyp/node_modules/tar/package.json" + }, + { + "ID": "tar@6.2.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "6e929345bdd2eef2" + }, + "Version": "6.2.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/tar/package.json" + }, + { + "ID": "tar@7.4.3", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@7.4.3", + "UID": "ea380b94dc917086" + }, + "Version": "7.4.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar/package.json" + }, + { + "ID": "tar-fs@2.1.3", + "Name": "tar-fs", + "Identifier": { + "PURL": "pkg:npm/tar-fs@2.1.3", + "UID": "aed465b4e79058d7" + }, + "Version": "2.1.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar-fs/package.json" + }, + { + "ID": "tar-stream@1.6.2", + "Name": "tar-stream", + "Identifier": { + "PURL": "pkg:npm/tar-stream@1.6.2", + "UID": "5e28410c4a2e6ad0" + }, + "Version": "1.6.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar-stream/package.json" + }, + { + "ID": "tar-stream@2.2.0", + "Name": "tar-stream", + "Identifier": { + "PURL": "pkg:npm/tar-stream@2.2.0", + "UID": "83c3aeb3437b628" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar-fs/node_modules/tar-stream/package.json" + }, + { + "ID": "tdigest@0.1.2", + "Name": "tdigest", + "Identifier": { + "PURL": "pkg:npm/tdigest@0.1.2", + "UID": "e02ae6fa43cefe31" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tdigest/package.json" + }, + { + "ID": "text-hex@1.0.0", + "Name": "text-hex", + "Identifier": { + "PURL": "pkg:npm/text-hex@1.0.0", + "UID": "8a0001a6b6aa4f9b" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/text-hex/package.json" + }, + { + "ID": "thirty-two@1.0.2", + "Name": "thirty-two", + "Identifier": { + "PURL": "pkg:npm/thirty-two@1.0.2", + "UID": "34bd882cf8f1fab4" + }, + "Version": "1.0.2", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/thirty-two/package.json" + }, + { + "ID": "through@2.3.8", + "Name": "through", + "Identifier": { + "PURL": "pkg:npm/through@2.3.8", + "UID": "57491d5988088d53" + }, + "Version": "2.3.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/through/package.json" + }, + { + "ID": "timed-out@4.0.1", + "Name": "timed-out", + "Identifier": { + "PURL": "pkg:npm/timed-out@4.0.1", + "UID": "e275ff2b4fc5d112" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/timed-out/package.json" + }, + { + "ID": "tiny-inflate@1.0.3", + "Name": "tiny-inflate", + "Identifier": { + "PURL": "pkg:npm/tiny-inflate@1.0.3", + "UID": "e026cfdea6f37859" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tiny-inflate/package.json" + }, + { + "ID": "tinyglobby@0.2.14", + "Name": "tinyglobby", + "Identifier": { + "PURL": "pkg:npm/tinyglobby@0.2.14", + "UID": "151113c427ad717d" + }, + "Version": "0.2.14", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tinyglobby/package.json" + }, + { + "ID": "to-buffer@1.2.1", + "Name": "to-buffer", + "Identifier": { + "PURL": "pkg:npm/to-buffer@1.2.1", + "UID": "296f258e0113ce30" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/to-buffer/package.json" + }, + { + "ID": "to-object-path@0.3.0", + "Name": "to-object-path", + "Identifier": { + "PURL": "pkg:npm/to-object-path@0.3.0", + "UID": "d450547327dc7a02" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/to-object-path/package.json" + }, + { + "ID": "to-regex@3.0.2", + "Name": "to-regex", + "Identifier": { + "PURL": "pkg:npm/to-regex@3.0.2", + "UID": "ceb2228dae1b7088" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/to-regex/package.json" + }, + { + "ID": "to-regex-range@2.1.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@2.1.1", + "UID": "9e4204f3f1aa9864" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/to-regex-range/package.json" + }, + { + "ID": "to-regex-range@5.0.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@5.0.1", + "UID": "a9a0711ba10f62e2" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/chokidar/node_modules/to-regex-range/package.json" + }, + { + "ID": "to-regex-range@5.0.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@5.0.1", + "UID": "6ef451c6a7ee8109" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/to-regex-range/package.json" + }, + { + "ID": "to-regex-range@5.0.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@5.0.1", + "UID": "93a7cb0c3f34e48d" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/liftup/node_modules/to-regex-range/package.json" + }, + { + "ID": "toidentifier@1.0.1", + "Name": "toidentifier", + "Identifier": { + "PURL": "pkg:npm/toidentifier@1.0.1", + "UID": "de0d336563c0fea5" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/toidentifier/package.json" + }, + { + "ID": "token-stream@1.0.0", + "Name": "token-stream", + "Identifier": { + "PURL": "pkg:npm/token-stream@1.0.0", + "UID": "5186ebb29556b0eb" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/token-stream/package.json" + }, + { + "ID": "token-types@4.2.1", + "Name": "token-types", + "Identifier": { + "PURL": "pkg:npm/token-types@4.2.1", + "UID": "44c4e856655e689d" + }, + "Version": "4.2.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/token-types/package.json" + }, + { + "ID": "toposort-class@1.0.1", + "Name": "toposort-class", + "Identifier": { + "PURL": "pkg:npm/toposort-class@1.0.1", + "UID": "69d92bb3304725cb" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/toposort-class/package.json" + }, + { + "ID": "tr46@0.0.3", + "Name": "tr46", + "Identifier": { + "PURL": "pkg:npm/tr46@0.0.3", + "UID": "754db7d61a6aecfd" + }, + "Version": "0.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tr46/package.json" + }, + { + "ID": "traverse@0.3.9", + "Name": "traverse", + "Identifier": { + "PURL": "pkg:npm/traverse@0.3.9", + "UID": "5c868caafa84f29a" + }, + "Version": "0.3.9", + "Licenses": [ + "MIT/X11" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/traverse/package.json" + }, + { + "ID": "tree-kill@1.2.2", + "Name": "tree-kill", + "Identifier": { + "PURL": "pkg:npm/tree-kill@1.2.2", + "UID": "3c982361b07ed53" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tree-kill/package.json" + }, + { + "ID": "trim-repeated@1.0.0", + "Name": "trim-repeated", + "Identifier": { + "PURL": "pkg:npm/trim-repeated@1.0.0", + "UID": "919f2a851395e7a7" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/trim-repeated/package.json" + }, + { + "ID": "triple-beam@1.4.1", + "Name": "triple-beam", + "Identifier": { + "PURL": "pkg:npm/triple-beam@1.4.1", + "UID": "c09a4423e9655c5d" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/triple-beam/package.json" + }, + { + "ID": "truncate-utf8-bytes@1.0.2", + "Name": "truncate-utf8-bytes", + "Identifier": { + "PURL": "pkg:npm/truncate-utf8-bytes@1.0.2", + "UID": "b900ecf6f045f41c" + }, + "Version": "1.0.2", + "Licenses": [ + "WTFPL" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/truncate-utf8-bytes/package.json" + }, + { + "ID": "ts-node@9.1.1", + "Name": "ts-node", + "Identifier": { + "PURL": "pkg:npm/ts-node@9.1.1", + "UID": "7064b51f6544b61c" + }, + "Version": "9.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/node_modules/ts-node/package.json" + }, + { + "ID": "ts-node-dev@1.1.8", + "Name": "ts-node-dev", + "Identifier": { + "PURL": "pkg:npm/ts-node-dev@1.1.8", + "UID": "7d106536f363a898" + }, + "Version": "1.1.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ts-node-dev/package.json" + }, + { + "ID": "tsconfig@7.0.0", + "Name": "tsconfig", + "Identifier": { + "PURL": "pkg:npm/tsconfig@7.0.0", + "UID": "26bb5e58acefd3e7" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tsconfig/package.json" + }, + { + "ID": "tslib@2.7.0", + "Name": "tslib", + "Identifier": { + "PURL": "pkg:npm/tslib@2.7.0", + "UID": "1e4ba957e973fa43" + }, + "Version": "2.7.0", + "Licenses": [ + "0BSD" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tslib/package.json" + }, + { + "ID": "tunnel-agent@0.6.0", + "Name": "tunnel-agent", + "Identifier": { + "PURL": "pkg:npm/tunnel-agent@0.6.0", + "UID": "e3fa0c63aaaf5f53" + }, + "Version": "0.6.0", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tunnel-agent/package.json" + }, + { + "ID": "type-is@1.6.18", + "Name": "type-is", + "Identifier": { + "PURL": "pkg:npm/type-is@1.6.18", + "UID": "6af6ab93825d30c4" + }, + "Version": "1.6.18", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/type-is/package.json" + }, + { + "ID": "typecast@0.0.1", + "Name": "typecast", + "Identifier": { + "PURL": "pkg:npm/typecast@0.0.1", + "UID": "71706ec7735fa89b" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/typecast/package.json" + }, + { + "ID": "typed-array-buffer@1.0.3", + "Name": "typed-array-buffer", + "Identifier": { + "PURL": "pkg:npm/typed-array-buffer@1.0.3", + "UID": "9f760b35e7942190" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/typed-array-buffer/package.json" + }, + { + "ID": "typedarray@0.0.6", + "Name": "typedarray", + "Identifier": { + "PURL": "pkg:npm/typedarray@0.0.6", + "UID": "55b49d091f33149e" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/typedarray/package.json" + }, + { + "ID": "typescript@5.3.3", + "Name": "typescript", + "Identifier": { + "PURL": "pkg:npm/typescript@5.3.3", + "UID": "cb2191669b8739" + }, + "Version": "5.3.3", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/typescript/package.json" + }, + { + "ID": "uglify-js@3.19.3", + "Name": "uglify-js", + "Identifier": { + "PURL": "pkg:npm/uglify-js@3.19.3", + "UID": "810a6a55804a06d5" + }, + "Version": "3.19.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/uglify-js/package.json" + }, + { + "ID": "unbzip2-stream@1.4.3", + "Name": "unbzip2-stream", + "Identifier": { + "PURL": "pkg:npm/unbzip2-stream@1.4.3", + "UID": "4e253844167b2d2e" + }, + "Version": "1.4.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unbzip2-stream/package.json" + }, + { + "ID": "unc-path-regex@0.1.2", + "Name": "unc-path-regex", + "Identifier": { + "PURL": "pkg:npm/unc-path-regex@0.1.2", + "UID": "f5d77de7fdd860fa" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unc-path-regex/package.json" + }, + { + "ID": "underscore.string@3.3.6", + "Name": "underscore.string", + "Identifier": { + "PURL": "pkg:npm/underscore.string@3.3.6", + "UID": "1e30d3179c6971ee" + }, + "Version": "3.3.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/underscore.string/package.json" + }, + { + "ID": "undici-types@6.19.8", + "Name": "undici-types", + "Identifier": { + "PURL": "pkg:npm/undici-types@6.19.8", + "UID": "556a4a6d6402baf9" + }, + "Version": "6.19.8", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ethers/node_modules/undici-types/package.json" + }, + { + "ID": "undici-types@6.21.0", + "Name": "undici-types", + "Identifier": { + "PURL": "pkg:npm/undici-types@6.21.0", + "UID": "8b85e2b334d345bd" + }, + "Version": "6.21.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/undici-types/package.json" + }, + { + "ID": "unicode-properties@1.4.1", + "Name": "unicode-properties", + "Identifier": { + "PURL": "pkg:npm/unicode-properties@1.4.1", + "UID": "eb7a02dff5927e79" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unicode-properties/package.json" + }, + { + "ID": "unicode-trie@2.0.0", + "Name": "unicode-trie", + "Identifier": { + "PURL": "pkg:npm/unicode-trie@2.0.0", + "UID": "179448bdb13f154c" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unicode-trie/package.json" + }, + { + "ID": "union-value@1.0.1", + "Name": "union-value", + "Identifier": { + "PURL": "pkg:npm/union-value@1.0.1", + "UID": "7e26e7365232afe6" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/union-value/package.json" + }, + { + "ID": "unique-filename@1.1.1", + "Name": "unique-filename", + "Identifier": { + "PURL": "pkg:npm/unique-filename@1.1.1", + "UID": "8a35424c9c9c753" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/unique-filename/package.json" + }, + { + "ID": "unique-filename@4.0.0", + "Name": "unique-filename", + "Identifier": { + "PURL": "pkg:npm/unique-filename@4.0.0", + "UID": "cd56815e7c8e6d47" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unique-filename/package.json" + }, + { + "ID": "unique-slug@2.0.2", + "Name": "unique-slug", + "Identifier": { + "PURL": "pkg:npm/unique-slug@2.0.2", + "UID": "c3646dcc2ee5f5c2" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/unique-slug/package.json" + }, + { + "ID": "unique-slug@5.0.0", + "Name": "unique-slug", + "Identifier": { + "PURL": "pkg:npm/unique-slug@5.0.0", + "UID": "426106b4baa5c197" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unique-slug/package.json" + }, + { + "ID": "unit-compare@1.0.1", + "Name": "unit-compare", + "Identifier": { + "PURL": "pkg:npm/unit-compare@1.0.1", + "UID": "7fdf2326c9bd9a3c" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unit-compare/package.json" + }, + { + "ID": "universalify@2.0.1", + "Name": "universalify", + "Identifier": { + "PURL": "pkg:npm/universalify@2.0.1", + "UID": "e3b290cf0b94cd3b" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/universalify/package.json" + }, + { + "ID": "unpipe@1.0.0", + "Name": "unpipe", + "Identifier": { + "PURL": "pkg:npm/unpipe@1.0.0", + "UID": "4df0ef0095f10819" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unpipe/package.json" + }, + { + "ID": "unset-value@1.0.0", + "Name": "unset-value", + "Identifier": { + "PURL": "pkg:npm/unset-value@1.0.0", + "UID": "fb01a6c658fface2" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unset-value/package.json" + }, + { + "ID": "untildify@2.1.0", + "Name": "untildify", + "Identifier": { + "PURL": "pkg:npm/untildify@2.1.0", + "UID": "aafb1cceba3b2e1f" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/untildify/package.json" + }, + { + "ID": "unzipper@0.9.15", + "Name": "unzipper", + "Identifier": { + "PURL": "pkg:npm/unzipper@0.9.15", + "UID": "8ee97a77b766c72f" + }, + "Version": "0.9.15", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/unzipper/package.json" + }, + { + "ID": "urix@0.1.0", + "Name": "urix", + "Identifier": { + "PURL": "pkg:npm/urix@0.1.0", + "UID": "79143d12ded50174" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/urix/package.json" + }, + { + "ID": "url-parse-lax@3.0.0", + "Name": "url-parse-lax", + "Identifier": { + "PURL": "pkg:npm/url-parse-lax@3.0.0", + "UID": "5df193db6ac77b34" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/url-parse-lax/package.json" + }, + { + "ID": "url-to-options@1.0.1", + "Name": "url-to-options", + "Identifier": { + "PURL": "pkg:npm/url-to-options@1.0.1", + "UID": "1557d9de6c284377" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/url-to-options/package.json" + }, + { + "ID": "use@3.1.1", + "Name": "use", + "Identifier": { + "PURL": "pkg:npm/use@3.1.1", + "UID": "beaeafdb3b335ad0" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/use/package.json" + }, + { + "ID": "utf8-byte-length@1.0.5", + "Name": "utf8-byte-length", + "Identifier": { + "PURL": "pkg:npm/utf8-byte-length@1.0.5", + "UID": "bfec7bd5f7ad790a" + }, + "Version": "1.0.5", + "Licenses": [ + "(WTFPL OR MIT)" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/utf8-byte-length/package.json" + }, + { + "ID": "util@0.12.5", + "Name": "util", + "Identifier": { + "PURL": "pkg:npm/util@0.12.5", + "UID": "134940c465ee9977" + }, + "Version": "0.12.5", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/util/package.json" + }, + { + "ID": "util-deprecate@1.0.2", + "Name": "util-deprecate", + "Identifier": { + "PURL": "pkg:npm/util-deprecate@1.0.2", + "UID": "aabb68cc65c09120" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/util-deprecate/package.json" + }, + { + "ID": "utils-merge@1.0.1", + "Name": "utils-merge", + "Identifier": { + "PURL": "pkg:npm/utils-merge@1.0.1", + "UID": "dcbf5f489484f126" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/utils-merge/package.json" + }, + { + "ID": "uuid@8.3.2", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@8.3.2", + "UID": "26be9fb0d915ff1d" + }, + "Version": "8.3.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/uuid/package.json" + }, + { + "ID": "v8flags@3.2.0", + "Name": "v8flags", + "Identifier": { + "PURL": "pkg:npm/v8flags@3.2.0", + "UID": "93c786867c11e21b" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/grunt/node_modules/v8flags/package.json" + }, + { + "ID": "validate@4.5.1", + "Name": "validate", + "Identifier": { + "PURL": "pkg:npm/validate@4.5.1", + "UID": "6ac9c43463572eb5" + }, + "Version": "4.5.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/validate/package.json" + }, + { + "ID": "validator@13.15.15", + "Name": "validator", + "Identifier": { + "PURL": "pkg:npm/validator@13.15.15", + "UID": "cf8a5ee11cfb522e" + }, + "Version": "13.15.15", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/validator/package.json" + }, + { + "ID": "vary@1.1.2", + "Name": "vary", + "Identifier": { + "PURL": "pkg:npm/vary@1.1.2", + "UID": "39699b016fbb63d1" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/vary/package.json" + }, + { + "ID": "vm2@3.9.17", + "Name": "vm2", + "Identifier": { + "PURL": "pkg:npm/vm2@3.9.17", + "UID": "76ba5b4eb1192b4e" + }, + "Version": "3.9.17", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/vm2/package.json" + }, + { + "ID": "void-elements@3.1.0", + "Name": "void-elements", + "Identifier": { + "PURL": "pkg:npm/void-elements@3.1.0", + "UID": "488ad7a1b39ae95d" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/void-elements/package.json" + }, + { + "ID": "walk@2.3.15", + "Name": "walk", + "Identifier": { + "PURL": "pkg:npm/walk@2.3.15", + "UID": "4b931073b7ddefae" + }, + "Version": "2.3.15", + "Licenses": [ + "(MIT OR Apache-2.0)" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/walk/package.json" + }, + { + "ID": "walkdir@0.0.11", + "Name": "walkdir", + "Identifier": { + "PURL": "pkg:npm/walkdir@0.0.11", + "UID": "cd83f22cad2318c8" + }, + "Version": "0.0.11", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/walkdir/package.json" + }, + { + "ID": "web3@4.16.0", + "Name": "web3", + "Identifier": { + "PURL": "pkg:npm/web3@4.16.0", + "UID": "6f6923ea534a9941" + }, + "Version": "4.16.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3/package.json" + }, + { + "ID": "web3-core@4.7.1", + "Name": "web3-core", + "Identifier": { + "PURL": "pkg:npm/web3-core@4.7.1", + "UID": "6897ef6970fe622c" + }, + "Version": "4.7.1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-core/package.json" + }, + { + "ID": "web3-errors@1.3.1", + "Name": "web3-errors", + "Identifier": { + "PURL": "pkg:npm/web3-errors@1.3.1", + "UID": "9520c197c4075401" + }, + "Version": "1.3.1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-errors/package.json" + }, + { + "ID": "web3-eth@4.11.1", + "Name": "web3-eth", + "Identifier": { + "PURL": "pkg:npm/web3-eth@4.11.1", + "UID": "c8ee4bce72b14c38" + }, + "Version": "4.11.1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth/package.json" + }, + { + "ID": "web3-eth-abi@4.4.1", + "Name": "web3-eth-abi", + "Identifier": { + "PURL": "pkg:npm/web3-eth-abi@4.4.1", + "UID": "1fb84503fd5ebb85" + }, + "Version": "4.4.1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-abi/package.json" + }, + { + "ID": "web3-eth-accounts@4.3.1", + "Name": "web3-eth-accounts", + "Identifier": { + "PURL": "pkg:npm/web3-eth-accounts@4.3.1", + "UID": "dca8fa4fdb803189" + }, + "Version": "4.3.1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-accounts/package.json" + }, + { + "ID": "web3-eth-contract@4.7.2", + "Name": "web3-eth-contract", + "Identifier": { + "PURL": "pkg:npm/web3-eth-contract@4.7.2", + "UID": "bcc8b7fe35f1f5a6" + }, + "Version": "4.7.2", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-contract/package.json" + }, + { + "ID": "web3-eth-ens@4.4.0", + "Name": "web3-eth-ens", + "Identifier": { + "PURL": "pkg:npm/web3-eth-ens@4.4.0", + "UID": "f520b5f1fb2a0ba4" + }, + "Version": "4.4.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-ens/package.json" + }, + { + "ID": "web3-eth-iban@4.0.7", + "Name": "web3-eth-iban", + "Identifier": { + "PURL": "pkg:npm/web3-eth-iban@4.0.7", + "UID": "66de71d0c6f7cd04" + }, + "Version": "4.0.7", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-iban/package.json" + }, + { + "ID": "web3-eth-personal@4.1.0", + "Name": "web3-eth-personal", + "Identifier": { + "PURL": "pkg:npm/web3-eth-personal@4.1.0", + "UID": "22c1a3cb660e556e" + }, + "Version": "4.1.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-eth-personal/package.json" + }, + { + "ID": "web3-net@4.1.0", + "Name": "web3-net", + "Identifier": { + "PURL": "pkg:npm/web3-net@4.1.0", + "UID": "f314af38f51672f9" + }, + "Version": "4.1.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-net/package.json" + }, + { + "ID": "web3-providers-http@4.2.0", + "Name": "web3-providers-http", + "Identifier": { + "PURL": "pkg:npm/web3-providers-http@4.2.0", + "UID": "20dae87003354d7f" + }, + "Version": "4.2.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-providers-http/package.json" + }, + { + "ID": "web3-providers-ipc@4.0.7", + "Name": "web3-providers-ipc", + "Identifier": { + "PURL": "pkg:npm/web3-providers-ipc@4.0.7", + "UID": "bc242a7ec3062bf9" + }, + "Version": "4.0.7", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-providers-ipc/package.json" + }, + { + "ID": "web3-providers-ws@4.0.8", + "Name": "web3-providers-ws", + "Identifier": { + "PURL": "pkg:npm/web3-providers-ws@4.0.8", + "UID": "39a4c5f1f3178ea4" + }, + "Version": "4.0.8", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-providers-ws/package.json" + }, + { + "ID": "web3-rpc-methods@1.3.0", + "Name": "web3-rpc-methods", + "Identifier": { + "PURL": "pkg:npm/web3-rpc-methods@1.3.0", + "UID": "e97656fad03185a8" + }, + "Version": "1.3.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-rpc-methods/package.json" + }, + { + "ID": "web3-rpc-providers@1.0.0-rc.4", + "Name": "web3-rpc-providers", + "Identifier": { + "PURL": "pkg:npm/web3-rpc-providers@1.0.0-rc.4", + "UID": "324eb94aabbb1215" + }, + "Version": "1.0.0-rc.4", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-rpc-providers/package.json" + }, + { + "ID": "web3-types@1.10.0", + "Name": "web3-types", + "Identifier": { + "PURL": "pkg:npm/web3-types@1.10.0", + "UID": "b0f64a3c21cfbeee" + }, + "Version": "1.10.0", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-types/package.json" + }, + { + "ID": "web3-utils@4.3.3", + "Name": "web3-utils", + "Identifier": { + "PURL": "pkg:npm/web3-utils@4.3.3", + "UID": "d5ffa00a03e4c44c" + }, + "Version": "4.3.3", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-utils/package.json" + }, + { + "ID": "web3-validator@2.0.6", + "Name": "web3-validator", + "Identifier": { + "PURL": "pkg:npm/web3-validator@2.0.6", + "UID": "f14244c2a5a12e8a" + }, + "Version": "2.0.6", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/web3-validator/package.json" + }, + { + "ID": "webidl-conversions@3.0.1", + "Name": "webidl-conversions", + "Identifier": { + "PURL": "pkg:npm/webidl-conversions@3.0.1", + "UID": "96f4ea04cdaf59a5" + }, + "Version": "3.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/webidl-conversions/package.json" + }, + { + "ID": "whatwg-url@5.0.0", + "Name": "whatwg-url", + "Identifier": { + "PURL": "pkg:npm/whatwg-url@5.0.0", + "UID": "b2e5e3f18e468cea" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/whatwg-url/package.json" + }, + { + "ID": "which@1.3.1", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@1.3.1", + "UID": "cabe71aa2b19ed3" + }, + "Version": "1.3.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/global-prefix/node_modules/which/package.json" + }, + { + "ID": "which@2.0.2", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@2.0.2", + "UID": "ff146d3d1b37b4e1" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/which/package.json" + }, + { + "ID": "which@5.0.0", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@5.0.0", + "UID": "e092f48fd71c886d" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/node-gyp/node_modules/which/package.json" + }, + { + "ID": "which-boxed-primitive@1.1.1", + "Name": "which-boxed-primitive", + "Identifier": { + "PURL": "pkg:npm/which-boxed-primitive@1.1.1", + "UID": "a775586b57303d14" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/which-boxed-primitive/package.json" + }, + { + "ID": "which-collection@1.0.2", + "Name": "which-collection", + "Identifier": { + "PURL": "pkg:npm/which-collection@1.0.2", + "UID": "5acbc50837094c2c" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/which-collection/package.json" + }, + { + "ID": "which-module@2.0.1", + "Name": "which-module", + "Identifier": { + "PURL": "pkg:npm/which-module@2.0.1", + "UID": "ac107281dfe17024" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/which-module/package.json" + }, + { + "ID": "which-pm-runs@1.1.0", + "Name": "which-pm-runs", + "Identifier": { + "PURL": "pkg:npm/which-pm-runs@1.1.0", + "UID": "8ba2acf9a1387645" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/which-pm-runs/package.json" + }, + { + "ID": "which-typed-array@1.1.19", + "Name": "which-typed-array", + "Identifier": { + "PURL": "pkg:npm/which-typed-array@1.1.19", + "UID": "4b7a06b2ddabe7f2" + }, + "Version": "1.1.19", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/which-typed-array/package.json" + }, + { + "ID": "wide-align@1.1.3", + "Name": "wide-align", + "Identifier": { + "PURL": "pkg:npm/wide-align@1.1.3", + "UID": "f8f90a69abfaf1b3" + }, + "Version": "1.1.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wide-align/package.json" + }, + { + "ID": "wide-align@1.1.5", + "Name": "wide-align", + "Identifier": { + "PURL": "pkg:npm/wide-align@1.1.5", + "UID": "6f064d3968c2d2e9" + }, + "Version": "1.1.5", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/wide-align/package.json" + }, + { + "ID": "winston@3.17.0", + "Name": "winston", + "Identifier": { + "PURL": "pkg:npm/winston@3.17.0", + "UID": "5d4864bed317594a" + }, + "Version": "3.17.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/winston/package.json" + }, + { + "ID": "winston-transport@4.9.0", + "Name": "winston-transport", + "Identifier": { + "PURL": "pkg:npm/winston-transport@4.9.0", + "UID": "e038e9edc7a48dd9" + }, + "Version": "4.9.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/winston-transport/package.json" + }, + { + "ID": "with@7.0.2", + "Name": "with", + "Identifier": { + "PURL": "pkg:npm/with@7.0.2", + "UID": "d1e1cb5a70d0ff82" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/with/package.json" + }, + { + "ID": "wkx@0.5.0", + "Name": "wkx", + "Identifier": { + "PURL": "pkg:npm/wkx@0.5.0", + "UID": "40044633da328aa" + }, + "Version": "0.5.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wkx/package.json" + }, + { + "ID": "wordwrap@0.0.3", + "Name": "wordwrap", + "Identifier": { + "PURL": "pkg:npm/wordwrap@0.0.3", + "UID": "42293bae0bf3107e" + }, + "Version": "0.0.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wordwrap/package.json" + }, + { + "ID": "wordwrap@1.0.0", + "Name": "wordwrap", + "Identifier": { + "PURL": "pkg:npm/wordwrap@1.0.0", + "UID": "18c2d63d2cfe70e5" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/handlebars/node_modules/wordwrap/package.json" + }, + { + "ID": "wrap-ansi@6.2.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@6.2.0", + "UID": "f11437210a4ac72e" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/wrap-ansi/package.json" + }, + { + "ID": "wrap-ansi@7.0.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@7.0.0", + "UID": "415ed8b67bfc0e0f" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi-cjs/package.json" + }, + { + "ID": "wrap-ansi@8.1.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@8.1.0", + "UID": "fe8116a7234aee14" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrap-ansi/package.json" + }, + { + "ID": "wrappy@1.0.2", + "Name": "wrappy", + "Identifier": { + "PURL": "pkg:npm/wrappy@1.0.2", + "UID": "7d2192184b9ad5c" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/wrappy/package.json" + }, + { + "ID": "ws@7.4.6", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@7.4.6", + "UID": "99c0e0e6dc5ddca1" + }, + "Version": "7.4.6", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/engine.io/node_modules/ws/package.json" + }, + { + "ID": "ws@8.17.1", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@8.17.1", + "UID": "9a93d4e1bdd8b71a" + }, + "Version": "8.17.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/ws/package.json" + }, + { + "ID": "xtend@4.0.2", + "Name": "xtend", + "Identifier": { + "PURL": "pkg:npm/xtend@4.0.2", + "UID": "5531db479d6ddf23" + }, + "Version": "4.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/xtend/package.json" + }, + { + "ID": "y18n@4.0.3", + "Name": "y18n", + "Identifier": { + "PURL": "pkg:npm/y18n@4.0.3", + "UID": "12f3674f3310ccc3" + }, + "Version": "4.0.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/y18n/package.json" + }, + { + "ID": "yallist@3.1.1", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@3.1.1", + "UID": "94e0ddd7fb7b06fb" + }, + "Version": "3.1.1", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/yallist/package.json" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "83ac1c56e1ed8056" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-flush/node_modules/yallist/package.json" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "19cee1300f95c9a4" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-pipeline/node_modules/yallist/package.json" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "16e838563ce1a9cf" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/minipass-sized/node_modules/yallist/package.json" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "b163bc044c9e5f6b" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/sqlite3/node_modules/yallist/package.json" + }, + { + "ID": "yallist@5.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@5.0.0", + "UID": "100823a37832dfcc" + }, + "Version": "5.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/tar/node_modules/yallist/package.json" + }, + { + "ID": "yaml-schema-validator@1.2.3", + "Name": "yaml-schema-validator", + "Identifier": { + "PURL": "pkg:npm/yaml-schema-validator@1.2.3", + "UID": "1ce7baa630b7909c" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/yaml-schema-validator/package.json" + }, + { + "ID": "yargs@15.4.1", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@15.4.1", + "UID": "c2d53ab8d60975a4" + }, + "Version": "15.4.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/yargs/package.json" + }, + { + "ID": "yargs-parser@18.1.3", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@18.1.3", + "UID": "c226f6f2ea401d8a" + }, + "Version": "18.1.3", + "Licenses": [ + "ISC" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/replace/node_modules/yargs-parser/package.json" + }, + { + "ID": "yauzl@2.10.0", + "Name": "yauzl", + "Identifier": { + "PURL": "pkg:npm/yauzl@2.10.0", + "UID": "16df0dd42c0b7311" + }, + "Version": "2.10.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/yauzl/package.json" + }, + { + "ID": "yn@3.1.1", + "Name": "yn", + "Identifier": { + "PURL": "pkg:npm/yn@3.1.1", + "UID": "7bb0c8dc39f49fec" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/yn/package.json" + }, + { + "ID": "z85@0.0.2", + "Name": "z85", + "Identifier": { + "PURL": "pkg:npm/z85@0.0.2", + "UID": "9b23fd2154ebc53f" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/z85/package.json" + }, + { + "ID": "zip-stream@1.2.0", + "Name": "zip-stream", + "Identifier": { + "PURL": "pkg:npm/zip-stream@1.2.0", + "UID": "1b5384142f4d19f1" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/zip-stream/package.json" + }, + { + "ID": "zod@3.25.76", + "Name": "zod", + "Identifier": { + "PURL": "pkg:npm/zod@3.25.76", + "UID": "870902de83b321c5" + }, + "Version": "3.25.76", + "Licenses": [ + "MIT" + ], + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "FilePath": "juice-shop/node_modules/zod/package.json" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "NSWG-ECO-428", + "PkgID": "base64url@0.0.6", + "PkgName": "base64url", + "PkgPath": "juice-shop/node_modules/base64url/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/base64url@0.0.6", + "UID": "37b2d3176f8fdba9" + }, + "InstalledVersion": "0.0.6", + "FixedVersion": "\u003e=3.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://hackerone.com/reports/321687", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "Out-of-bounds Read", + "Description": "`base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below", + "Severity": "HIGH", + "VendorSeverity": { + "nodejs-security-wg": 3 + }, + "References": [ + "https://github.com/brianloveswords/base64url/pull/25", + "https://hackerone.com/reports/321687" + ] + }, + { + "VulnerabilityID": "GHSA-rvg8-pwq2-xj7q", + "PkgID": "base64url@0.0.6", + "PkgName": "base64url", + "PkgPath": "juice-shop/node_modules/base64url/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/base64url@0.0.6", + "UID": "37b2d3176f8fdba9" + }, + "InstalledVersion": "0.0.6", + "FixedVersion": "3.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-rvg8-pwq2-xj7q", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Out-of-bounds Read in base64url", + "Description": "Versions of `base64url` before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.\n\n\n## Recommendation\n\nUpdate to version 3.0.0 or later.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "References": [ + "https://github.com/brianloveswords/base64url", + "https://github.com/brianloveswords/base64url/commit/4fbd954a0a69e9d898de2146557cc6e893e79542", + "https://github.com/brianloveswords/base64url/pull/25", + "https://hackerone.com/reports/321687" + ], + "PublishedDate": "2020-09-01T20:42:44Z", + "LastModifiedDate": "2021-09-24T20:34:56Z" + }, + { + "VulnerabilityID": "CVE-2024-4068", + "PkgID": "braces@2.3.2", + "PkgName": "braces", + "PkgPath": "juice-shop/node_modules/braces/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/braces@2.3.2", + "UID": "a453a1accd8298fb" + }, + "InstalledVersion": "2.3.2", + "FixedVersion": "3.0.3", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-4068", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "braces: fails to limit the number of characters it can handle", + "Description": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1050", + "CWE-400" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-4068", + "https://devhub.checkmarx.com/cve-details/CVE-2024-4068", + "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", + "https://github.com/micromatch/braces", + "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", + "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff", + "https://github.com/micromatch/braces/issues/35", + "https://github.com/micromatch/braces/pull/37", + "https://github.com/micromatch/braces/pull/40", + "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", + "https://www.cve.org/CVERecord?id=CVE-2024-4068" + ], + "PublishedDate": "2024-05-14T15:42:48.66Z", + "LastModifiedDate": "2025-08-04T14:26:34.2Z" + }, + { + "VulnerabilityID": "CVE-2024-47764", + "PkgID": "cookie@0.4.2", + "PkgName": "cookie", + "PkgPath": "juice-shop/node_modules/engine.io/node_modules/cookie/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/cookie@0.4.2", + "UID": "9de3a0e52eea0952" + }, + "InstalledVersion": "0.4.2", + "FixedVersion": "0.7.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47764", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "cookie: cookie accepts cookie name, path, and domain with out of bounds characters", + "Description": "cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.", + "Severity": "LOW", + "CweIDs": [ + "CWE-74" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "ghsa": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-47764", + "https://github.com/jshttp/cookie", + "https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c", + "https://github.com/jshttp/cookie/pull/167", + "https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x", + "https://nvd.nist.gov/vuln/detail/CVE-2024-47764", + "https://www.cve.org/CVERecord?id=CVE-2024-47764" + ], + "PublishedDate": "2024-10-04T20:15:07.31Z", + "LastModifiedDate": "2024-10-07T17:48:28.117Z" + }, + { + "VulnerabilityID": "CVE-2023-46233", + "PkgID": "crypto-js@3.3.0", + "PkgName": "crypto-js", + "PkgPath": "juice-shop/node_modules/crypto-js/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/crypto-js@3.3.0", + "UID": "968c6884db7b658" + }, + "InstalledVersion": "3.3.0", + "FixedVersion": "4.2.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-46233", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard", + "Description": "crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-328", + "CWE-916", + "CWE-327" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-46233", + "https://github.com/brix/crypto-js", + "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a", + "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-46233", + "https://ubuntu.com/security/notices/USN-6753-1", + "https://www.cve.org/CVERecord?id=CVE-2023-46233" + ], + "PublishedDate": "2023-10-25T21:15:10.307Z", + "LastModifiedDate": "2024-11-21T08:28:07.867Z" + }, + { + "VulnerabilityID": "CVE-2022-41940", + "PkgID": "engine.io@4.1.2", + "PkgName": "engine.io", + "PkgPath": "juice-shop/node_modules/engine.io/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/engine.io@4.1.2", + "UID": "140b9ddc3959168c" + }, + "InstalledVersion": "4.1.2", + "FixedVersion": "3.6.1, 6.2.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41940", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "engine.io: Specially crafted HTTP request can trigger an uncaught exception", + "Description": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41940", + "https://github.com/socketio/engine.io", + "https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6", + "https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085", + "https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", + "https://www.cve.org/CVERecord?id=CVE-2022-41940" + ], + "PublishedDate": "2022-11-22T01:15:37.847Z", + "LastModifiedDate": "2024-11-21T07:24:06.98Z" + }, + { + "VulnerabilityID": "CVE-2020-15084", + "PkgID": "express-jwt@0.1.3", + "PkgName": "express-jwt", + "PkgPath": "juice-shop/node_modules/express-jwt/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/express-jwt@0.1.3", + "UID": "ff43a00952d1fea" + }, + "InstalledVersion": "0.1.3", + "FixedVersion": "6.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15084", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Authorization bypass in express-jwt", + "Description": "In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-285", + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 4 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "V3Score": 7.7 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 4.3, + "V3Score": 9.1 + } + }, + "References": [ + "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef", + "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf", + "https://nvd.nist.gov/vuln/detail/CVE-2020-15084" + ], + "PublishedDate": "2020-06-30T16:15:15.22Z", + "LastModifiedDate": "2024-11-21T05:04:46.753Z" + }, + { + "VulnerabilityID": "CVE-2022-33987", + "PkgID": "got@8.3.2", + "PkgName": "got", + "PkgPath": "juice-shop/node_modules/got/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/got@8.3.2", + "UID": "565e22ebc733911a" + }, + "InstalledVersion": "8.3.2", + "FixedVersion": "12.1.0, 11.8.5", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-33987", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets", + "Description": "The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6595", + "https://access.redhat.com/security/cve/CVE-2022-33987", + "https://bugzilla.redhat.com/1907444", + "https://bugzilla.redhat.com/1945459", + "https://bugzilla.redhat.com/1964461", + "https://bugzilla.redhat.com/2007557", + "https://bugzilla.redhat.com/2098556", + "https://bugzilla.redhat.com/2102001", + "https://bugzilla.redhat.com/2105422", + "https://bugzilla.redhat.com/2105426", + "https://bugzilla.redhat.com/2105428", + "https://bugzilla.redhat.com/2105430", + "https://errata.almalinux.org/9/ALSA-2022-6595.html", + "https://github.com/sindresorhus/got", + "https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc", + "https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0", + "https://github.com/sindresorhus/got/pull/2047", + "https://github.com/sindresorhus/got/releases/tag/v11.8.5", + "https://github.com/sindresorhus/got/releases/tag/v12.1.0", + "https://linux.oracle.com/cve/CVE-2022-33987.html", + "https://linux.oracle.com/errata/ELSA-2022-6595.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-33987", + "https://www.cve.org/CVERecord?id=CVE-2022-33987" + ], + "PublishedDate": "2022-06-18T21:15:07.933Z", + "LastModifiedDate": "2024-11-21T07:08:43.62Z" + }, + { + "VulnerabilityID": "CVE-2022-25881", + "PkgID": "http-cache-semantics@3.8.1", + "PkgName": "http-cache-semantics", + "PkgPath": "juice-shop/node_modules/http-cache-semantics/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/http-cache-semantics@3.8.1", + "UID": "868c747b9b0d5ddb" + }, + "InstalledVersion": "3.8.1", + "FixedVersion": "4.1.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25881", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", + "Description": "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2655", + "https://access.redhat.com/security/cve/CVE-2022-25881", + "https://bugzilla.redhat.com/2165824", + "https://bugzilla.redhat.com/2168631", + "https://bugzilla.redhat.com/2171935", + "https://bugzilla.redhat.com/2172190", + "https://bugzilla.redhat.com/2172204", + "https://bugzilla.redhat.com/2172217", + "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2168631", + "https://bugzilla.redhat.com/show_bug.cgi?id=2171935", + "https://bugzilla.redhat.com/show_bug.cgi?id=2172190", + "https://bugzilla.redhat.com/show_bug.cgi?id=2172204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2172217", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178076", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25881", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807", + "https://errata.almalinux.org/9/ALSA-2023-2655.html", + "https://errata.rockylinux.org/RLSA-2023:2655", + "https://github.com/kornelski/http-cache-semantics", + "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83", + "https://github.com/kornelski/http-cache-semantics/commit/560b2d8ef452bbba20ffed69dc155d63ac757b74", + "https://linux.oracle.com/cve/CVE-2022-25881.html", + "https://linux.oracle.com/errata/ELSA-2023-2655.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", + "https://security.netapp.com/advisory/ntap-20230622-0008", + "https://security.netapp.com/advisory/ntap-20230622-0008/", + "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332", + "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783", + "https://www.cve.org/CVERecord?id=CVE-2022-25881" + ], + "PublishedDate": "2023-01-31T05:15:11.81Z", + "LastModifiedDate": "2025-03-27T18:17:13Z" + }, + { + "VulnerabilityID": "CVE-2024-29415", + "PkgID": "ip@2.0.1", + "PkgName": "ip", + "PkgPath": "juice-shop/node_modules/ip/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/ip@2.0.1", + "UID": "a4e48be5e3d2c740" + }, + "InstalledVersion": "2.0.1", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-29415", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "node-ip: Incomplete fix for CVE-2023-42282", + "Description": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-918", + "CWE-941" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-29415", + "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", + "https://github.com/indutny/node-ip", + "https://github.com/indutny/node-ip/issues/150", + "https://github.com/indutny/node-ip/pull/143", + "https://github.com/indutny/node-ip/pull/144", + "https://nvd.nist.gov/vuln/detail/CVE-2024-29415", + "https://security.netapp.com/advisory/ntap-20250117-0010", + "https://security.netapp.com/advisory/ntap-20250117-0010/", + "https://www.cve.org/CVERecord?id=CVE-2024-29415" + ], + "PublishedDate": "2024-05-27T20:15:08.97Z", + "LastModifiedDate": "2025-01-17T20:15:27.95Z" + }, + { + "VulnerabilityID": "CVE-2015-9235", + "PkgID": "jsonwebtoken@0.1.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.1.0", + "UID": "324977895803c3d7" + }, + "InstalledVersion": "0.1.0", + "FixedVersion": "4.2.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-9235", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-jsonwebtoken: verification step bypass with an altered token", + "Description": "In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-20", + "CWE-327" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2015-9235", + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries", + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "https://github.com/advisories/GHSA-c7hr-j4mj-j2w6", + "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", + "https://nodesecurity.io/advisories/17", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9235", + "https://www.cve.org/CVERecord?id=CVE-2015-9235", + "https://www.npmjs.com/advisories/17", + "https://www.timmclean.net/2015/02/25/jwt-alg-none.html" + ], + "PublishedDate": "2018-05-29T20:29:00.33Z", + "LastModifiedDate": "2024-11-21T02:40:07.1Z" + }, + { + "VulnerabilityID": "CVE-2022-23539", + "PkgID": "jsonwebtoken@0.1.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.1.0", + "UID": "324977895803c3d7" + }, + "InstalledVersion": "0.1.0", + "FixedVersion": "9.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23539", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "jsonwebtoken: Unrestricted key type could lead to legacy keys usagen", + "Description": "Versions `\u003c=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-327" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23539", + "https://github.com/auth0/node-jsonwebtoken", + "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23539", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://www.cve.org/CVERecord?id=CVE-2022-23539" + ], + "PublishedDate": "2022-12-23T00:15:12.347Z", + "LastModifiedDate": "2024-11-21T06:48:46.303Z" + }, + { + "VulnerabilityID": "NSWG-ECO-17", + "PkgID": "jsonwebtoken@0.1.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.1.0", + "UID": "324977895803c3d7" + }, + "InstalledVersion": "0.1.0", + "FixedVersion": "\u003e=4.2.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "Verification Bypass", + "Description": "It is possible for an attacker to bypass verification when \"a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)\" [1]", + "Severity": "HIGH", + "VendorSeverity": { + "nodejs-security-wg": 3 + }, + "References": [ + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", + "https://www.timmclean.net/2015/02/25/jwt-alg-none.html" + ] + }, + { + "VulnerabilityID": "CVE-2022-23540", + "PkgID": "jsonwebtoken@0.1.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.1.0", + "UID": "324977895803c3d7" + }, + "InstalledVersion": "0.1.0", + "FixedVersion": "9.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23540", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass", + "Description": "In versions `\u003c=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287", + "CWE-347" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", + "V3Score": 7.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23540", + "https://github.com/auth0/node-jsonwebtoken", + "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23540", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://www.cve.org/CVERecord?id=CVE-2022-23540" + ], + "PublishedDate": "2022-12-22T19:15:08.967Z", + "LastModifiedDate": "2025-02-13T17:15:38.32Z" + }, + { + "VulnerabilityID": "CVE-2022-23541", + "PkgID": "jsonwebtoken@0.1.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.1.0", + "UID": "324977895803c3d7" + }, + "InstalledVersion": "0.1.0", + "FixedVersion": "9.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23541", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", + "Description": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `\u003c= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287", + "CWE-1259" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23541", + "https://github.com/auth0/node-jsonwebtoken", + "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", + "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23541", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://www.cve.org/CVERecord?id=CVE-2022-23541" + ], + "PublishedDate": "2022-12-22T18:15:09.39Z", + "LastModifiedDate": "2024-11-21T06:48:46.58Z" + }, + { + "VulnerabilityID": "CVE-2015-9235", + "PkgID": "jsonwebtoken@0.4.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.4.0", + "UID": "b220953c826bca0" + }, + "InstalledVersion": "0.4.0", + "FixedVersion": "4.2.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-9235", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-jsonwebtoken: verification step bypass with an altered token", + "Description": "In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-20", + "CWE-327" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2015-9235", + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries", + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "https://github.com/advisories/GHSA-c7hr-j4mj-j2w6", + "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", + "https://nodesecurity.io/advisories/17", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9235", + "https://www.cve.org/CVERecord?id=CVE-2015-9235", + "https://www.npmjs.com/advisories/17", + "https://www.timmclean.net/2015/02/25/jwt-alg-none.html" + ], + "PublishedDate": "2018-05-29T20:29:00.33Z", + "LastModifiedDate": "2024-11-21T02:40:07.1Z" + }, + { + "VulnerabilityID": "CVE-2022-23539", + "PkgID": "jsonwebtoken@0.4.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.4.0", + "UID": "b220953c826bca0" + }, + "InstalledVersion": "0.4.0", + "FixedVersion": "9.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23539", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "jsonwebtoken: Unrestricted key type could lead to legacy keys usagen", + "Description": "Versions `\u003c=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-327" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23539", + "https://github.com/auth0/node-jsonwebtoken", + "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23539", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://www.cve.org/CVERecord?id=CVE-2022-23539" + ], + "PublishedDate": "2022-12-23T00:15:12.347Z", + "LastModifiedDate": "2024-11-21T06:48:46.303Z" + }, + { + "VulnerabilityID": "NSWG-ECO-17", + "PkgID": "jsonwebtoken@0.4.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.4.0", + "UID": "b220953c826bca0" + }, + "InstalledVersion": "0.4.0", + "FixedVersion": "\u003e=4.2.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "Verification Bypass", + "Description": "It is possible for an attacker to bypass verification when \"a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)\" [1]", + "Severity": "HIGH", + "VendorSeverity": { + "nodejs-security-wg": 3 + }, + "References": [ + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", + "https://www.timmclean.net/2015/02/25/jwt-alg-none.html" + ] + }, + { + "VulnerabilityID": "CVE-2022-23540", + "PkgID": "jsonwebtoken@0.4.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.4.0", + "UID": "b220953c826bca0" + }, + "InstalledVersion": "0.4.0", + "FixedVersion": "9.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23540", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass", + "Description": "In versions `\u003c=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287", + "CWE-347" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", + "V3Score": 7.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23540", + "https://github.com/auth0/node-jsonwebtoken", + "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23540", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://www.cve.org/CVERecord?id=CVE-2022-23540" + ], + "PublishedDate": "2022-12-22T19:15:08.967Z", + "LastModifiedDate": "2025-02-13T17:15:38.32Z" + }, + { + "VulnerabilityID": "CVE-2022-23541", + "PkgID": "jsonwebtoken@0.4.0", + "PkgName": "jsonwebtoken", + "PkgPath": "juice-shop/node_modules/jsonwebtoken/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jsonwebtoken@0.4.0", + "UID": "b220953c826bca0" + }, + "InstalledVersion": "0.4.0", + "FixedVersion": "9.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23541", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", + "Description": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `\u003c= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287", + "CWE-1259" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23541", + "https://github.com/auth0/node-jsonwebtoken", + "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", + "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23541", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://www.cve.org/CVERecord?id=CVE-2022-23541" + ], + "PublishedDate": "2022-12-22T18:15:09.39Z", + "LastModifiedDate": "2024-11-21T06:48:46.58Z" + }, + { + "VulnerabilityID": "CVE-2016-1000223", + "PkgID": "jws@0.2.6", + "PkgName": "jws", + "PkgPath": "juice-shop/node_modules/jws/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/jws@0.2.6", + "UID": "da4a6fd70bb8e740" + }, + "InstalledVersion": "0.2.6", + "FixedVersion": "\u003e=3.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1000223", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "Forgeable Public/Private Tokens", + "Description": "Since \"algorithm\" isn't enforced in `jws.verify()`, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.\n\nIn addition, there is the `none` algorithm to be concerned about. In versions prior to 3.0.0, verification of the token could be bypassed when the `alg` field is set to `none`.\n\n*Edit ( 7/29/16 ): A previous version of this advisory incorrectly stated that the vulnerability was patched in version 2.0.0 instead of 3.0.0. The advisory has been updated to reflect this new information. Thanks to Fabien Catteau for reporting the error.*", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3, + "nodejs-security-wg": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.7 + } + }, + "References": [ + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries", + "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "https://github.com/brianloveswords/node-jws", + "https://github.com/brianloveswords/node-jws/commit/585d0e1e97b6747c10cf5b7689ccc5618a89b299#diff-4ac32a78649ca5bdd8e0ba38b7006a1e", + "https://nvd.nist.gov/vuln/detail/CVE-2016-1000223", + "https://snyk.io/vuln/npm:jws:20160726", + "https://www.npmjs.com/advisories/88" + ] + }, + { + "VulnerabilityID": "CVE-2019-10744", + "PkgID": "lodash@2.4.2", + "PkgName": "lodash", + "PkgPath": "juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@2.4.2", + "UID": "2055fc9d42487aec" + }, + "InstalledVersion": "2.4.2", + "FixedVersion": "4.17.12", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties", + "Description": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 3, + "ruby-advisory-db": 4 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2019:3024", + "https://access.redhat.com/security/cve/CVE-2019-10744", + "https://github.com/advisories/GHSA-jf85-cpcp-j695", + "https://github.com/lodash/lodash/pull/4336", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml", + "https://nvd.nist.gov/vuln/detail/CVE-2019-10744", + "https://security.netapp.com/advisory/ntap-20191004-0005", + "https://security.netapp.com/advisory/ntap-20191004-0005/", + "https://snyk.io/vuln/SNYK-JS-LODASH-450202", + "https://support.f5.com/csp/article/K47105354", + "https://support.f5.com/csp/article/K47105354?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://support.f5.com/csp/article/K47105354?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2019-10744", + "https://www.npmjs.com/advisories/1065", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://www.oracle.com/security-alerts/cpuoct2020.html" + ], + "PublishedDate": "2019-07-26T00:15:11.217Z", + "LastModifiedDate": "2024-11-21T04:19:50.123Z" + }, + { + "VulnerabilityID": "CVE-2018-16487", + "PkgID": "lodash@2.4.2", + "PkgName": "lodash", + "PkgPath": "juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@2.4.2", + "UID": "2055fc9d42487aec" + }, + "InstalledVersion": "2.4.2", + "FixedVersion": "\u003e=4.17.11", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16487", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "lodash: Prototype pollution in utilities function", + "Description": "A prototype pollution vulnerability was found in lodash \u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 3, + "nodejs-security-wg": 3, + "nvd": 2, + "redhat": 2, + "ruby-advisory-db": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 6.8, + "V3Score": 5.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-16487", + "https://github.com/advisories/GHSA-4xc9-xhrj-v574", + "https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-16487.yml", + "https://hackerone.com/reports/380873", + "https://nvd.nist.gov/vuln/detail/CVE-2018-16487", + "https://security.netapp.com/advisory/ntap-20190919-0004", + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://www.cve.org/CVERecord?id=CVE-2018-16487", + "https://www.npmjs.com/advisories/782" + ], + "PublishedDate": "2019-02-01T18:29:00.943Z", + "LastModifiedDate": "2024-11-21T03:52:51.17Z" + }, + { + "VulnerabilityID": "CVE-2021-23337", + "PkgID": "lodash@2.4.2", + "PkgName": "lodash", + "PkgPath": "juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@2.4.2", + "UID": "2055fc9d42487aec" + }, + "InstalledVersion": "2.4.2", + "FixedVersion": "4.17.21", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23337", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-lodash: command injection via template", + "Description": "Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2, + "ruby-advisory-db": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.2 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.5, + "V3Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-23337", + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js", + "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851", + "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851", + "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml", + "https://nvd.nist.gov/vuln/detail/CVE-2021-23337", + "https://security.netapp.com/advisory/ntap-20210312-0006", + "https://security.netapp.com/advisory/ntap-20210312-0006/", + "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929", + "https://snyk.io/vuln/SNYK-JS-LODASH-1040724", + "https://www.cve.org/CVERecord?id=CVE-2021-23337", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-02-15T13:15:12.56Z", + "LastModifiedDate": "2024-11-21T05:51:31.643Z" + }, + { + "VulnerabilityID": "CVE-2018-3721", + "PkgID": "lodash@2.4.2", + "PkgName": "lodash", + "PkgPath": "juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@2.4.2", + "UID": "2055fc9d42487aec" + }, + "InstalledVersion": "2.4.2", + "FixedVersion": "\u003e=4.17.5", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-3721", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "lodash: Prototype pollution in utilities function", + "Description": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.", + "Severity": "LOW", + "CweIDs": [ + "CWE-471", + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "nodejs-security-wg": 1, + "nvd": 2, + "redhat": 1, + "ruby-advisory-db": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-3721", + "https://github.com/advisories/GHSA-fvqr-27wr-82fm", + "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-3721.yml", + "https://hackerone.com/reports/310443", + "https://nvd.nist.gov/vuln/detail/CVE-2018-3721", + "https://security.netapp.com/advisory/ntap-20190919-0004", + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://snyk.io/vuln/npm:lodash:20180130", + "https://www.cve.org/CVERecord?id=CVE-2018-3721", + "https://www.npmjs.com/advisories/577" + ], + "PublishedDate": "2018-06-07T02:29:08.317Z", + "LastModifiedDate": "2024-11-21T04:05:56.943Z" + }, + { + "VulnerabilityID": "CVE-2020-8203", + "PkgID": "lodash.set@4.3.2", + "PkgName": "lodash.set", + "PkgPath": "juice-shop/node_modules/lodash.set/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash.set@4.3.2", + "UID": "91ab835ab813b84b" + }, + "InstalledVersion": "4.3.2", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8203", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-lodash: prototype pollution in zipObjectDeep function", + "Description": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770", + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2, + "ruby-advisory-db": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V2Score": 5.8, + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-8203", + "https://github.com/advisories/GHSA-p6mc-m468-83gw", + "https://github.com/github/advisory-database/pull/2884", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12", + "https://github.com/lodash/lodash/issues/4744", + "https://github.com/lodash/lodash/issues/4874", + "https://github.com/lodash/lodash/wiki/Changelog#v41719", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml", + "https://hackerone.com/reports/712065", + "https://hackerone.com/reports/864701", + "https://nvd.nist.gov/vuln/detail/CVE-2020-8203", + "https://security.netapp.com/advisory/ntap-20200724-0006", + "https://security.netapp.com/advisory/ntap-20200724-0006/", + "https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744", + "https://www.cve.org/CVERecord?id=CVE-2020-8203", + "https://www.npmjs.com/advisories/1523", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2020-07-15T17:15:11.797Z", + "LastModifiedDate": "2024-11-21T05:38:29.79Z" + }, + { + "VulnerabilityID": "GHSA-5mrr-rgp6-x4gr", + "PkgID": "marsdb@0.6.11", + "PkgName": "marsdb", + "PkgPath": "juice-shop/node_modules/marsdb/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/marsdb@0.6.11", + "UID": "54edd9a172aae6f9" + }, + "InstalledVersion": "0.6.11", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-5mrr-rgp6-x4gr", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Command Injection in marsdb", + "Description": "All versions of `marsdb` are vulnerable to Command Injection. In the `DocumentMatcher` class, selectors on `$where` clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.", + "Severity": "CRITICAL", + "VendorSeverity": { + "ghsa": 4 + }, + "References": [ + "https://github.com/bkimminich/juice-shop/issues/1173", + "https://www.npmjs.com/advisories/1122" + ], + "PublishedDate": "2020-09-03T19:39:05Z", + "LastModifiedDate": "2020-08-31T18:48:01Z" + }, + { + "VulnerabilityID": "CVE-2025-57349", + "PkgID": "messageformat@2.3.0", + "PkgName": "messageformat", + "PkgPath": "juice-shop/node_modules/messageformat/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/messageformat@2.3.0", + "UID": "9103fbfc5c47243d" + }, + "InstalledVersion": "2.3.0", + "FixedVersion": "3.0.0-beta.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57349", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "messageformat has a prototype pollution vulnerability", + "Description": "The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special characters (e.g., __proto__ ), which can lead to unintended modification of the JavaScript Object prototype. This vulnerability may allow a remote attacker to inject properties into the global object prototype via specially crafted message input, potentially causing denial of service or other undefined behaviors in applications using the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 1 + }, + "References": [ + "https://github.com/messageformat/messageformat", + "https://github.com/messageformat/messageformat/issues/452", + "https://nvd.nist.gov/vuln/detail/CVE-2025-57349" + ], + "PublishedDate": "2025-09-24T19:15:40.233Z", + "LastModifiedDate": "2025-09-29T18:15:33.43Z" + }, + { + "VulnerabilityID": "CVE-2024-4067", + "PkgID": "micromatch@3.1.10", + "PkgName": "micromatch", + "PkgPath": "juice-shop/node_modules/micromatch/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/micromatch@3.1.10", + "UID": "dff9b87c3884f86c" + }, + "InstalledVersion": "3.1.10", + "FixedVersion": "4.0.8", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-4067", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "micromatch: vulnerable to Regular Expression Denial of Service", + "Description": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-4067", + "https://advisory.checkmarx.net/advisory/CVE-2024-4067", + "https://advisory.checkmarx.net/advisory/CVE-2024-4067/", + "https://devhub.checkmarx.com/cve-details/CVE-2024-4067", + "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", + "https://github.com/micromatch/micromatch", + "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", + "https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade", + "https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0", + "https://github.com/micromatch/micromatch/issues/243", + "https://github.com/micromatch/micromatch/pull/247", + "https://github.com/micromatch/micromatch/pull/266", + "https://github.com/micromatch/micromatch/releases/tag/4.0.8", + "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", + "https://www.cve.org/CVERecord?id=CVE-2024-4067" + ], + "PublishedDate": "2024-05-14T15:42:47.947Z", + "LastModifiedDate": "2025-08-04T14:36:46.69Z" + }, + { + "VulnerabilityID": "CVE-2017-18214", + "PkgID": "moment@2.0.0", + "PkgName": "moment", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/moment/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/moment@2.0.0", + "UID": "83a43873d3018a1f" + }, + "InstalledVersion": "2.0.0", + "FixedVersion": "2.19.3", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18214", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-moment: Regular expression denial of service", + "Description": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-18214", + "https://github.com/advisories/GHSA-446m-mv8f-q348", + "https://github.com/moment/moment", + "https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb", + "https://github.com/moment/moment/issues/4163", + "https://github.com/moment/moment/pull/4326", + "https://nodesecurity.io/advisories/532", + "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", + "https://ubuntu.com/security/notices/USN-4786-1", + "https://www.cve.org/CVERecord?id=CVE-2017-18214", + "https://www.npmjs.com/advisories/532", + "https://www.tenable.com/security/tns-2019-02" + ], + "PublishedDate": "2018-03-04T21:29:00.23Z", + "LastModifiedDate": "2024-11-21T03:19:35.133Z" + }, + { + "VulnerabilityID": "CVE-2022-24785", + "PkgID": "moment@2.0.0", + "PkgName": "moment", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/moment/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/moment@2.0.0", + "UID": "83a43873d3018a1f" + }, + "InstalledVersion": "2.0.0", + "FixedVersion": "2.29.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24785", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Moment.js: Path traversal in moment.locale", + "Description": "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-27" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24785", + "https://github.com/moment/moment", + "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5", + "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", + "https://security.netapp.com/advisory/ntap-20220513-0006", + "https://security.netapp.com/advisory/ntap-20220513-0006/", + "https://ubuntu.com/security/notices/USN-5559-1", + "https://www.cve.org/CVERecord?id=CVE-2022-24785", + "https://www.tenable.com/security/tns-2022-09" + ], + "PublishedDate": "2022-04-04T17:15:07.583Z", + "LastModifiedDate": "2024-11-21T06:51:05.483Z" + }, + { + "VulnerabilityID": "CVE-2016-4055", + "PkgID": "moment@2.0.0", + "PkgName": "moment", + "PkgPath": "juice-shop/node_modules/express-jwt/node_modules/moment/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/moment@2.0.0", + "UID": "83a43873d3018a1f" + }, + "InstalledVersion": "2.0.0", + "FixedVersion": "\u003e=2.11.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4055", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "moment.js: regular expression denial of service", + "Description": "The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a \"regular expression Denial of Service (ReDoS).\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nodejs-security-wg": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/04/20/11", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.securityfocus.com/bid/95849", + "https://access.redhat.com/security/cve/CVE-2016-4055", + "https://github.com/advisories/GHSA-87vv-r9j6-g5qv", + "https://github.com/moment/moment", + "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", + "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", + "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", + "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", + "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", + "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", + "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", + "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", + "https://nodesecurity.io/advisories/55", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4055", + "https://ubuntu.com/security/notices/USN-4786-1", + "https://www.cve.org/CVERecord?id=CVE-2016-4055", + "https://www.npmjs.com/advisories/55", + "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS", + "https://www.tenable.com/security/tns-2019-02" + ], + "PublishedDate": "2017-01-23T21:59:01.33Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2025-47935", + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgPath": "juice-shop/node_modules/multer/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "d60c4000df10abea" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47935", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Multer vulnerable to Denial of Service via memory leaks from unclosed streams", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", + "https://github.com/expressjs/multer/pull/1120", + "https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47935" + ], + "PublishedDate": "2025-05-19T20:15:25.863Z", + "LastModifiedDate": "2025-05-21T20:25:16.407Z" + }, + { + "VulnerabilityID": "CVE-2025-47944", + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgPath": "juice-shop/node_modules/multer/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "d60c4000df10abea" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.0", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47944", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Multer vulnerable to Denial of Service from maliciously crafted requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", + "https://github.com/expressjs/multer/issues/1176", + "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47944" + ], + "PublishedDate": "2025-05-19T20:15:26.007Z", + "LastModifiedDate": "2025-05-21T20:25:16.407Z" + }, + { + "VulnerabilityID": "CVE-2025-48997", + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgPath": "juice-shop/node_modules/multer/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "d60c4000df10abea" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48997", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "multer: Multer vulnerable to Denial of Service via unhandled exception", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-48997", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9", + "https://github.com/expressjs/multer/issues/1233", + "https://github.com/expressjs/multer/pull/1256", + "https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48997", + "https://www.cve.org/CVERecord?id=CVE-2025-48997" + ], + "PublishedDate": "2025-06-03T19:15:39.577Z", + "LastModifiedDate": "2025-06-04T14:54:33.783Z" + }, + { + "VulnerabilityID": "CVE-2025-7338", + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgPath": "juice-shop/node_modules/multer/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "d60c4000df10abea" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7338", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "multer: Multer Denial of Service", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7338", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b", + "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7338", + "https://www.cve.org/CVERecord?id=CVE-2025-7338" + ], + "PublishedDate": "2025-07-17T16:15:35.227Z", + "LastModifiedDate": "2025-07-17T21:15:50.197Z" + }, + { + "VulnerabilityID": "CVE-2021-23771", + "PkgID": "notevil@1.3.3", + "PkgName": "notevil", + "PkgPath": "juice-shop/node_modules/notevil/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/notevil@1.3.3", + "UID": "3e66e3cc17ffdfc2" + }, + "InstalledVersion": "1.3.3", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23771", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Sandbox escape in notevil and argencoders-notevil", + "Description": "This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + } + }, + "References": [ + "https://github.com/mmckegg/notevil", + "https://nvd.nist.gov/vuln/detail/CVE-2021-23771", + "https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587", + "https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946" + ], + "PublishedDate": "2022-03-17T12:15:07.74Z", + "LastModifiedDate": "2024-11-21T05:51:53.017Z" + }, + { + "VulnerabilityID": "CVE-2022-25887", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "2.7.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25887", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "sanitize-html: insecure global regular expression replacement logic may lead to ReDoS", + "Description": "The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-25887", + "https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c", + "https://github.com/apostrophecms/sanitize-html/pull/557", + "https://nvd.nist.gov/vuln/detail/CVE-2022-25887", + "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102", + "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526", + "https://ubuntu.com/security/notices/USN-7464-1", + "https://www.cve.org/CVERecord?id=CVE-2022-25887" + ], + "PublishedDate": "2022-08-30T05:15:07.727Z", + "LastModifiedDate": "2024-11-21T06:53:09.953Z" + }, + { + "VulnerabilityID": "CVE-2016-1000237", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "\u003e=1.4.3", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1000237", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "XSS - Sanitization not applied recursively", + "Description": "sanitize-html before 1.4.3 has XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2, + "nodejs-security-wg": 2, + "nvd": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + } + }, + "References": [ + "https://github.com/apostrophecms/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf", + "https://github.com/apostrophecms/sanitize-html/issues/29", + "https://github.com/punkave/sanitize-html/issues/29", + "https://nodesecurity.io/advisories/135", + "https://nvd.nist.gov/vuln/detail/CVE-2016-1000237", + "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json", + "https://www.npmjs.com/advisories/135" + ], + "PublishedDate": "2020-01-23T15:15:13.16Z", + "LastModifiedDate": "2024-11-21T02:43:01.763Z" + }, + { + "VulnerabilityID": "CVE-2017-16016", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "1.11.4", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16016", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "Cross-Site Scripting in sanitize-html", + "Description": "Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + } + }, + "References": [ + "https://github.com/advisories/GHSA-xc6g-ggrc-qq4r", + "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403", + "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403)))", + "https://github.com/punkave/sanitize-html/issues/100", + "https://nodesecurity.io/advisories/154", + "https://npmjs.com/package/sanitize-html#discarding-the-entire-contents-of-a-disallowed-tag", + "https://nvd.nist.gov/vuln/detail/CVE-2017-16016", + "https://www.npmjs.com/advisories/154" + ], + "PublishedDate": "2018-06-04T19:29:01.023Z", + "LastModifiedDate": "2024-11-21T03:15:40.117Z" + }, + { + "VulnerabilityID": "CVE-2019-25225", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "2.0.0-beta", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25225", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "sanitize-html: sanitize-html cross site scripting", + "Description": "`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-25225", + "https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2019/CVE-2019-25225", + "https://github.com/apostrophecms/sanitize-html", + "https://github.com/apostrophecms/sanitize-html/commit/712cb6895825c8bb6ede71a16b42bade42abcaf3", + "https://github.com/apostrophecms/sanitize-html/issues/293", + "https://github.com/apostrophecms/sanitize-html/pull/156", + "https://nvd.nist.gov/vuln/detail/CVE-2019-25225", + "https://www.cve.org/CVERecord?id=CVE-2019-25225" + ], + "PublishedDate": "2025-09-08T10:15:33.44Z", + "LastModifiedDate": "2025-09-19T15:18:42.913Z" + }, + { + "VulnerabilityID": "CVE-2021-26539", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "2.3.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26539", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation", + "Description": "Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-26539", + "https://advisory.checkmarx.net/advisory/CX-2021-4308", + "https://github.com/apostrophecms/sanitize-html", + "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22", + "https://github.com/apostrophecms/sanitize-html/commit/bdf7836ef8f0e5b21f9a1aab0623ae8fcd09c1da", + "https://github.com/apostrophecms/sanitize-html/pull/458", + "https://nvd.nist.gov/vuln/detail/CVE-2021-26539", + "https://www.cve.org/CVERecord?id=CVE-2021-26539" + ], + "PublishedDate": "2021-02-08T17:15:13.673Z", + "LastModifiedDate": "2024-11-21T05:56:26.517Z" + }, + { + "VulnerabilityID": "CVE-2021-26540", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "2.3.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26540", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element", + "Description": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-26540", + "https://advisory.checkmarx.net/advisory/CX-2021-4309", + "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26", + "https://github.com/apostrophecms/sanitize-html/pull/460", + "https://nvd.nist.gov/vuln/detail/CVE-2021-26540", + "https://www.cve.org/CVERecord?id=CVE-2021-26540" + ], + "PublishedDate": "2021-02-08T17:15:13.737Z", + "LastModifiedDate": "2024-11-21T05:56:26.67Z" + }, + { + "VulnerabilityID": "CVE-2024-21501", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "2.12.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21501", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "sanitize-html: Information Exposure when used on the backend", + "Description": "Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200", + "CWE-538" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-21501", + "https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf", + "https://github.com/apostrophecms/apostrophe/discussions/4436", + "https://github.com/apostrophecms/sanitize-html", + "https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4", + "https://github.com/apostrophecms/sanitize-html/pull/650", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-21501", + "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557", + "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334", + "https://www.cve.org/CVERecord?id=CVE-2024-21501" + ], + "PublishedDate": "2024-02-24T05:15:44.31Z", + "LastModifiedDate": "2025-04-25T19:37:25.937Z" + }, + { + "VulnerabilityID": "NSWG-ECO-154", + "PkgID": "sanitize-html@1.4.2", + "PkgName": "sanitize-html", + "PkgPath": "juice-shop/node_modules/sanitize-html/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/sanitize-html@1.4.2", + "UID": "dba6e401aaa6d720" + }, + "InstalledVersion": "1.4.2", + "FixedVersion": "\u003e=1.11.4", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "nodejs-security-wg", + "DataSource": { + "ID": "nodejs-security-wg", + "Name": "Node.js Ecosystem Security Working Group", + "URL": "https://github.com/nodejs/security-wg" + }, + "Title": "Cross Site Scripting", + "Description": "Sanitize-html is a library for scrubbing html input of malicious values.\n\nVersions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios:\n\nIf allowed at least one nonTextTags, the result is a potential XSS vulnerability.\nPoC:\n\n```\nvar sanitizeHtml = require('sanitize-html');\n\nvar dirty = '!\u003ctextarea\u003e\u0026lt;/textarea\u0026gt;\u003csvg/onload=prompt`xs`\u0026gt;\u003c/textarea\u003e!';\nvar clean = sanitizeHtml(dirty, {\n allowedTags: [ 'textarea' ]\n});\n\nconsole.log(clean);\n\n// !\u003ctextarea\u003e\u003c/textarea\u003e\u003csvg/onload=prompt`xs`\u003e\u003c/textarea\u003e!\n```", + "Severity": "MEDIUM", + "VendorSeverity": { + "nodejs-security-wg": 2 + }, + "References": [ + "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403", + "https://github.com/punkave/sanitize-html/issues/100" + ] + }, + { + "VulnerabilityID": "CVE-2024-38355", + "PkgID": "socket.io@3.1.2", + "PkgName": "socket.io", + "PkgPath": "juice-shop/node_modules/socket.io/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/socket.io@3.1.2", + "UID": "2cfa07ffcdb1bf43" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "2.5.1, 4.6.2", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38355", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "socket.io: Unhandled 'error' event", + "Description": "Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the \"error\" event to catch these errors.\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20", + "CWE-754" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-38355", + "https://github.com/socketio/socket.io", + "https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115", + "https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c", + "https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj", + "https://nvd.nist.gov/vuln/detail/CVE-2024-38355", + "https://www.cve.org/CVERecord?id=CVE-2024-38355", + "https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355" + ], + "PublishedDate": "2024-06-19T20:15:11.18Z", + "LastModifiedDate": "2024-11-21T09:25:25.967Z" + }, + { + "VulnerabilityID": "CVE-2023-32695", + "PkgID": "socket.io-parser@4.0.5", + "PkgName": "socket.io-parser", + "PkgPath": "juice-shop/node_modules/socket.io-parser/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/socket.io-parser@4.0.5", + "UID": "a5c96fae75095a78" + }, + "InstalledVersion": "4.0.5", + "FixedVersion": "4.2.3, 3.4.3, 3.3.4", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32695", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "socket.io parser is a socket.io encoder and decoder written in JavaScr ...", + "Description": "socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20", + "CWE-754" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/socketio/socket.io-parser", + "https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9", + "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced", + "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3", + "https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4", + "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3", + "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32695" + ], + "PublishedDate": "2023-05-27T16:15:09.433Z", + "LastModifiedDate": "2024-11-21T08:03:52.187Z" + }, + { + "VulnerabilityID": "CVE-2024-28863", + "PkgID": "tar@4.4.19", + "PkgName": "tar", + "PkgPath": "juice-shop/node_modules/node-pre-gyp/node_modules/tar/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@4.4.19", + "UID": "b2f700056d98ebcd" + }, + "InstalledVersion": "4.4.19", + "FixedVersion": "6.2.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28863", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", + "Description": "node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "oracle-oval": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:6147", + "https://access.redhat.com/security/cve/CVE-2024-28863", + "https://bugzilla.redhat.com/2293200", + "https://bugzilla.redhat.com/2296417", + "https://errata.almalinux.org/9/ALSA-2024-6147.html", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7", + "https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7 (v6.2.1)", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", + "https://linux.oracle.com/cve/CVE-2024-28863.html", + "https://linux.oracle.com/errata/ELSA-2024-6148.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", + "https://security.netapp.com/advisory/ntap-20240524-0005", + "https://security.netapp.com/advisory/ntap-20240524-0005/", + "https://www.cve.org/CVERecord?id=CVE-2024-28863" + ], + "PublishedDate": "2024-03-21T23:15:10.91Z", + "LastModifiedDate": "2024-11-21T09:07:04.023Z" + }, + { + "VulnerabilityID": "CVE-2025-59343", + "PkgID": "tar-fs@2.1.3", + "PkgName": "tar-fs", + "PkgPath": "juice-shop/node_modules/tar-fs/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/tar-fs@2.1.3", + "UID": "aed465b4e79058d7" + }, + "InstalledVersion": "2.1.3", + "FixedVersion": "3.1.1, 2.1.4, 1.16.6", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59343", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "tar-fs: tar-fs symlink validation bypass", + "Description": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-61" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-59343", + "https://github.com/mafintosh/tar-fs", + "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09", + "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-59343", + "https://www.cve.org/CVERecord?id=CVE-2025-59343" + ], + "PublishedDate": "2025-09-24T18:15:42.297Z", + "LastModifiedDate": "2025-09-26T14:32:53.583Z" + }, + { + "VulnerabilityID": "CVE-2023-32314", + "PkgID": "vm2@3.9.17", + "PkgName": "vm2", + "PkgPath": "juice-shop/node_modules/vm2/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/vm2@3.9.17", + "UID": "76ba5b4eb1192b4e" + }, + "InstalledVersion": "3.9.17", + "FixedVersion": "3.9.18", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32314", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "vm2: Sandbox Escape", + "Description": "vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-74" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 4 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-32314", + "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", + "https://github.com/patriksimek/vm2", + "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", + "https://github.com/patriksimek/vm2/releases/tag/3.9.18", + "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32314", + "https://www.cve.org/CVERecord?id=CVE-2023-32314" + ], + "PublishedDate": "2023-05-15T20:15:09.177Z", + "LastModifiedDate": "2024-11-21T08:03:05.643Z" + }, + { + "VulnerabilityID": "CVE-2023-37466", + "PkgID": "vm2@3.9.17", + "PkgName": "vm2", + "PkgPath": "juice-shop/node_modules/vm2/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/vm2@3.9.17", + "UID": "76ba5b4eb1192b4e" + }, + "InstalledVersion": "3.9.17", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37466", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code", + "Description": "vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-37466", + "https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9", + "https://github.com/patriksimek/vm2", + "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5", + "https://nvd.nist.gov/vuln/detail/CVE-2023-37466", + "https://security.netapp.com/advisory/ntap-20230831-0007", + "https://www.cve.org/CVERecord?id=CVE-2023-37466" + ], + "PublishedDate": "2023-07-14T00:15:09.263Z", + "LastModifiedDate": "2024-11-21T08:11:45.92Z" + }, + { + "VulnerabilityID": "CVE-2023-37903", + "PkgID": "vm2@3.9.17", + "PkgName": "vm2", + "PkgPath": "juice-shop/node_modules/vm2/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/vm2@3.9.17", + "UID": "76ba5b4eb1192b4e" + }, + "InstalledVersion": "3.9.17", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code", + "Description": "vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-37903", + "https://github.com/patriksimek/vm2", + "https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4", + "https://nvd.nist.gov/vuln/detail/CVE-2023-37903", + "https://security.netapp.com/advisory/ntap-20230831-0007", + "https://security.netapp.com/advisory/ntap-20230831-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-37903" + ], + "PublishedDate": "2023-07-21T20:15:16.057Z", + "LastModifiedDate": "2024-11-21T08:12:26.023Z" + }, + { + "VulnerabilityID": "CVE-2023-32313", + "PkgID": "vm2@3.9.17", + "PkgName": "vm2", + "PkgPath": "juice-shop/node_modules/vm2/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/vm2@3.9.17", + "UID": "76ba5b4eb1192b4e" + }, + "InstalledVersion": "3.9.17", + "FixedVersion": "3.9.18", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32313", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "vm2: Inspect Manipulation", + "Description": "vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-32313", + "https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550", + "https://github.com/patriksimek/vm2", + "https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238", + "https://github.com/patriksimek/vm2/releases/tag/3.9.18", + "https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32313", + "https://www.cve.org/CVERecord?id=CVE-2023-32313" + ], + "PublishedDate": "2023-05-15T20:15:09.07Z", + "LastModifiedDate": "2024-11-21T08:03:05.51Z" + }, + { + "VulnerabilityID": "CVE-2024-37890", + "PkgID": "ws@7.4.6", + "PkgName": "ws", + "PkgPath": "juice-shop/node_modules/engine.io/node_modules/ws/package.json", + "PkgIdentifier": { + "PURL": "pkg:npm/ws@7.4.6", + "UID": "99c0e0e6dc5ddca1" + }, + "InstalledVersion": "7.4.6", + "FixedVersion": "5.2.4, 6.2.3, 7.5.10, 8.17.1", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-37890", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "nodejs-ws: denial of service when handling a request with many HTTP headers", + "Description": "ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-37890", + "https://github.com/websockets/ws", + "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", + "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", + "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", + "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", + "https://github.com/websockets/ws/issues/2230", + "https://github.com/websockets/ws/pull/2231", + "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", + "https://nodejs.org/api/http.html#servermaxheaderscount", + "https://nvd.nist.gov/vuln/detail/CVE-2024-37890", + "https://www.cve.org/CVERecord?id=CVE-2024-37890" + ], + "PublishedDate": "2024-06-17T20:15:13.203Z", + "LastModifiedDate": "2024-11-21T09:24:28.81Z" + } + ] + }, + { + "Target": "/juice-shop/build/lib/insecurity.js", + "Class": "secret", + "Secrets": [ + { + "RuleID": "private-key", + "Category": "AsymmetricPrivateKey", + "Severity": "HIGH", + "Title": "Asymmetric Private Key", + "StartLine": 47, + "EndLine": 47, + "Code": { + "Lines": [ + { + "Number": 45, + "Content": "const z85 = __importStar(require(\"z85\"));", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": "const z85 = __importStar(require(\"z85\"));", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": "exports.publicKey = node_fs_1.default ? node_fs_1.default.readFileSync('encryptionkeys/jwt.pub', 'ut", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": "exports.publicKey = node_fs_1.default ? node_fs_1.default.readFileSync('encryptionkeys/jwt.pub', 'ut", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": "----BEGIN RSA PRIVATE KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "----BEGIN RSA PRIVATE KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 48, + "Content": "const hash = (data) =\u003e node_crypto_1.default.createHash('md5').update(data).digest('hex');", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": "const hash = (data) =\u003e node_crypto_1.default.createHash('md5').update(data).digest('hex');", + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": "----BEGIN RSA PRIVATE KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077", + "CreatedBy": "COPY --chown=65532:0 /juice-shop . # buildkit" + }, + "Offset": 2835 + } + ] + }, + { + "Target": "/juice-shop/frontend/src/app/app.guard.spec.ts", + "Class": "secret", + "Secrets": [ + { + "RuleID": "jwt-token", + "Category": "JWT", + "Severity": "MEDIUM", + "Title": "JWT token", + "StartLine": 38, + "EndLine": 38, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " it('returns payload from decoding a valid JWT', inject([LoginGuard], (guard: LoginGuard) =\u003e {", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " it('returns payload from decoding a valid JWT', inject([LoginGuard], (guard: LoginGuard) =\u003e {", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": "ocalStorage.setItem('token', '***********************************************************************************************************************************************************')", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "ocalStorage.setItem('token', '***********************************************************************************************************************************************************')", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 39, + "Content": " expect(guard.tokenDecode()).toEqual({", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " expect(guard.tokenDecode()).toEqual({", + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": "ocalStorage.setItem('token', '***********************************************************************************************************************************************************')", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077", + "CreatedBy": "COPY --chown=65532:0 /juice-shop . # buildkit" + }, + "Offset": 1466 + } + ] + }, + { + "Target": "/juice-shop/frontend/src/app/last-login-ip/last-login-ip.component.spec.ts", + "Class": "secret", + "Secrets": [ + { + "RuleID": "jwt-token", + "Category": "JWT", + "Severity": "MEDIUM", + "Title": "JWT token", + "StartLine": 61, + "EndLine": 61, + "Code": { + "Lines": [ + { + "Number": 59, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " xit('should set Last-Login IP from JWT as trusted HTML', () =\u003e { // FIXME Expected state seems to ", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " xit('should set Last-Login IP from JWT as trusted HTML', () =\u003e { // FIXME Expected state seems to ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": "ocalStorage.setItem('token', '*******************************************************************************************************************************')", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "ocalStorage.setItem('token', '*******************************************************************************************************************************')", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 62, + "Content": " component.ngOnInit()", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " component.ngOnInit()", + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": "ocalStorage.setItem('token', '*******************************************************************************************************************************')", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077", + "CreatedBy": "COPY --chown=65532:0 /juice-shop . # buildkit" + }, + "Offset": 2220 + } + ] + }, + { + "Target": "/juice-shop/lib/insecurity.ts", + "Class": "secret", + "Secrets": [ + { + "RuleID": "private-key", + "Category": "AsymmetricPrivateKey", + "Severity": "HIGH", + "Title": "Asymmetric Private Key", + "StartLine": 23, + "EndLine": 23, + "Code": { + "Lines": [ + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": "export const publicKey = fs ? fs.readFileSync('encryptionkeys/jwt.pub', 'utf8') : 'placeholder-publi", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": "export const publicKey = fs ? fs.readFileSync('encryptionkeys/jwt.pub', 'utf8') : 'placeholder-publi", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": "----BEGIN RSA PRIVATE KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "----BEGIN RSA PRIVATE KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 24, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": "----BEGIN RSA PRIVATE KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "Layer": { + "DiffID": "sha256:b9d23411f142a4775d254fcb247412dba31307c736d33ad7938b1c11cce3e077", + "CreatedBy": "COPY --chown=65532:0 /juice-shop . # buildkit" + }, + "Offset": 860 + } + ] + } + ] + } \ No newline at end of file diff --git a/labs/lab5/nuclei/nuclei-results.json b/labs/lab5/nuclei/nuclei-results.json new file mode 100644 index 00000000..014a03dc --- /dev/null +++ b/labs/lab5/nuclei/nuclei-results.json @@ -0,0 +1,3 @@ +{"template":"http/exposures/apis/swagger-api.yaml","template-url":"https://cloud.projectdiscovery.io/public/swagger-api","template-id":"swagger-api","template-path":"/root/nuclei-templates/http/exposures/apis/swagger-api.yaml","info":{"name":"Public Swagger API - Detect","author":["pdteam","c-sh0","amirhossein raeisi"],"tags":["exposure","api","swagger"],"description":"Public Swagger API was detected.","reference":["https://swagger.io/"],"severity":"info","metadata":{"verified":true,"max-request":59,"shodan-query":"http.title:\"swagger\""},"classification":{"cve-id":null,"cwe-id":["cwe-200"],"cvss-metrics":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"}},"type":"http","host":"host.docker.internal:3000","port":"3000","scheme":"http","url":"http://host.docker.internal:3000","matched-at":"http://host.docker.internal:3000/api-docs/swagger.json","request":"GET /api-docs/swagger.json HTTP/1.1\r\nHost: host.docker.internal:3000\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36\r\nAccept: text/html\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n","response":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 10 Oct 2025 15:52:05 GMT\r\nEtag: W/\"c22-H8FH9nKD8DeX/nvIRrte6ZjP2a4\"\r\nFeature-Policy: payment 'self'\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Recruiting: /#/jobs\r\n\r\n\n\u003c!-- HTML for static distribution bundle build --\u003e\n\u003c!DOCTYPE html\u003e\n\u003chtml lang=\"en\"\u003e\n\u003chead\u003e\n \u003cmeta charset=\"UTF-8\"\u003e\n \n \u003ctitle\u003eSwagger UI\u003c/title\u003e\n \u003clink rel=\"stylesheet\" type=\"text/css\" href=\"./swagger-ui.css\" \u003e\n \u003clink rel=\"icon\" type=\"image/png\" href=\"./favicon-32x32.png\" sizes=\"32x32\" /\u003e\u003clink rel=\"icon\" type=\"image/png\" href=\"./favicon-16x16.png\" sizes=\"16x16\" /\u003e\n \u003cstyle\u003e\n html\n {\n box-sizing: border-box;\n overflow: -moz-scrollbars-vertical;\n overflow-y: scroll;\n }\n *,\n *:before,\n *:after\n {\n box-sizing: inherit;\n }\n\n body {\n margin:0;\n background: #fafafa;\n }\n \u003c/style\u003e\n\u003c/head\u003e\n\n\u003cbody\u003e\n\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" style=\"position:absolute;width:0;height:0\"\u003e\n \u003cdefs\u003e\n \u003csymbol viewBox=\"0 0 20 20\" id=\"unlocked\"\u003e\n \u003cpath d=\"M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z\"\u003e\u003c/path\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"locked\"\u003e\n \u003cpath d=\"M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"close\"\u003e\n \u003cpath d=\"M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"large-arrow\"\u003e\n \u003cpath d=\"M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"large-arrow-down\"\u003e\n \u003cpath d=\"M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z\"/\u003e\n \u003c/symbol\u003e\n\n\n \u003csymbol viewBox=\"0 0 24 24\" id=\"jump-to\"\u003e\n \u003cpath d=\"M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 24 24\" id=\"expand\"\u003e\n \u003cpath d=\"M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z\"/\u003e\n \u003c/symbol\u003e\n\n \u003c/defs\u003e\n\u003c/svg\u003e\n\n\u003cdiv id=\"swagger-ui\"\u003e\u003c/div\u003e\n\n\u003cscript src=\"./swagger-ui-bundle.js\"\u003e \u003c/script\u003e\n\u003cscript src=\"./swagger-ui-standalone-preset.js\"\u003e \u003c/script\u003e\n\u003cscript src=\"./swagger-ui-init.js\"\u003e \u003c/script\u003e\n\n\n\n\u003cstyle\u003e\n .swagger-ui .topbar .download-url-wrapper { display: none } undefined\n\u003c/style\u003e\n\u003c/body\u003e\n\n\u003c/html\u003e\n","meta":{"paths":"/api-docs/swagger.json"},"ip":"192.168.65.254","timestamp":"2025-10-10T15:52:05.378565304Z","curl-command":"curl -X 'GET' -d '' -H 'Accept: text/html' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36' 'http://host.docker.internal:3000/api-docs/swagger.json'","matcher-status":true} +{"template":"http/misconfiguration/missing-sri.yaml","template-url":"https://cloud.projectdiscovery.io/public/missing-sri","template-id":"missing-sri","template-path":"/root/nuclei-templates/http/misconfiguration/missing-sri.yaml","info":{"name":"Missing Subresource Integrity","author":["lucky0x0d","pulsesecurity.co.nz","sullo amarsct"],"tags":["compliance","js","css","sri","misconfig"],"description":"Checks if external script and stylesheet tags in the HTML response are missing the Subresource Integrity (SRI) attribute.\n","reference":["https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#subresource-integrity","https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity"],"severity":"info","metadata":{"max-request":1}},"type":"http","host":"host.docker.internal:3000","port":"3000","scheme":"http","url":"http://host.docker.internal:3000","matched-at":"http://host.docker.internal:3000","extracted-results":["//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js","//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js","//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css"],"request":"GET / HTTP/1.1\r\nHost: host.docker.internal:3000\r\nUser-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36\r\nConnection: close\r\nAccept-Encoding: gzip\r\n\r\n","response":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: public, max-age=0\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Fri, 10 Oct 2025 15:52:16 GMT\r\nEtag: W/\"124fa-199ceb49c18\"\r\nFeature-Policy: payment 'self'\r\nLast-Modified: Fri, 10 Oct 2025 15:19:27 GMT\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Recruiting: /#/jobs\r\n\r\n\u003c!--\n ~ Copyright (c) 2014-2025 Bjoern Kimminich \u0026 the OWASP Juice Shop contributors.\n ~ SPDX-License-Identifier: MIT\n --\u003e\n\n\u003c!doctype html\u003e\n\u003chtml lang=\"en\" data-beasties-container\u003e\n\u003chead\u003e\n \u003cmeta charset=\"utf-8\"\u003e\n \u003ctitle\u003eOWASP Juice Shop\u003c/title\u003e\n \u003cmeta name=\"description\" content=\"Probably the most modern and sophisticated insecure web application\"\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\"\u003e\n \u003clink id=\"favicon\" rel=\"icon\" type=\"image/x-icon\" href=\"assets/public/favicon_js.ico\"\u003e\n \u003clink rel=\"stylesheet\" type=\"text/css\" href=\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css\"\u003e\n \u003cscript src=\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js\"\u003e\u003c/script\u003e\n \u003cscript src=\"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js\"\u003e\u003c/script\u003e\n \u003cscript\u003e\n window.addEventListener(\"load\", function(){\n window.cookieconsent.initialise({\n \"palette\": {\n \"popup\": { \"background\": \"var(--theme-primary)\", \"text\": \"var(--theme-text)\" },\n \"button\": { \"background\": \"var(--theme-accent)\", \"text\": \"var(--theme-text)\" }\n },\n \"theme\": \"classic\",\n \"position\": \"bottom-right\",\n \"content\": { \"message\": \"This website uses fruit cookies to ensure you get the juiciest tracking experience.\", \"dismiss\": \"Me want it!\", \"link\": \"But me wait!\", \"href\": \"https://www.youtube.com/watch?v=9PnbKL3wuH4\" }\n })});\n \u003c/script\u003e\n\u003cstyle\u003ehtml{--mat-sys-on-surface:initial}.mat-app-background{background-color:var(--mat-app-background-color, var(--mat-sys-background, transparent));color:var(--mat-app-text-color, var(--mat-sys-on-background, inherit))}.mat-typography{font:400 14px/20px Roboto,sans-serif;letter-spacing:.0178571429em}html{--mat-tooltip-supporting-text-font:Roboto, sans-serif;--mat-tooltip-supporting-text-size:12px;--mat-tooltip-supporting-text-weight:400;--mat-tooltip-supporting-text-tracking:.0333333333em}html{--mat-app-background-color:#fafafa;--mat-app-text-color:rgba(0, 0, 0, .87);--mat-app-elevation-shadow-level-0:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-1:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-2:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-3:0px 3px 3px -2px rgba(0, 0, 0, .2), 0px 3px 4px 0px rgba(0, 0, 0, .14), 0px 1px 8px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-4:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-5:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 5px 8px 0px rgba(0, 0, 0, .14), 0px 1px 14px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-6:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-7:0px 4px 5px -2px rgba(0, 0, 0, .2), 0px 7px 10px 1px rgba(0, 0, 0, .14), 0px 2px 16px 1px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-8:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-9:0px 5px 6px -3px rgba(0, 0, 0, .2), 0px 9px 12px 1px rgba(0, 0, 0, .14), 0px 3px 16px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-10:0px 6px 6px -3px rgba(0, 0, 0, .2), 0px 10px 14px 1px rgba(0, 0, 0, .14), 0px 4px 18px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-11:0px 6px 7px -4px rgba(0, 0, 0, .2), 0px 11px 15px 1px rgba(0, 0, 0, .14), 0px 4px 20px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-12:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-13:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 13px 19px 2px rgba(0, 0, 0, .14), 0px 5px 24px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-14:0px 7px 9px -4px rgba(0, 0, 0, .2), 0px 14px 21px 2px rgba(0, 0, 0, .14), 0px 5px 26px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-15:0px 8px 9px -5px rgba(0, 0, 0, .2), 0px 15px 22px 2px rgba(0, 0, 0, .14), 0px 6px 28px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-16:0px 8px 10px -5px rgba(0, 0, 0, .2), 0px 16px 24px 2px rgba(0, 0, 0, .14), 0px 6px 30px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-17:0px 8px 11px -5px rgba(0, 0, 0, .2), 0px 17px 26px 2px rgba(0, 0, 0, .14), 0px 6px 32px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-18:0px 9px 11px -5px rgba(0, 0, 0, .2), 0px 18px 28px 2px rgba(0, 0, 0, .14), 0px 7px 34px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-19:0px 9px 12px -6px rgba(0, 0, 0, .2), 0px 19px 29px 2px rgba(0, 0, 0, .14), 0px 7px 36px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-20:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 20px 31px 3px rgba(0, 0, 0, .14), 0px 8px 38px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-21:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 21px 33px 3px rgba(0, 0, 0, .14), 0px 8px 40px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-22:0px 10px 14px -6px rgba(0, 0, 0, .2), 0px 22px 35px 3px rgba(0, 0, 0, .14), 0px 8px 42px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-23:0px 11px 14px -7px rgba(0, 0, 0, .2), 0px 23px 36px 3px rgba(0, 0, 0, .14), 0px 9px 44px 8px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-24:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12)}html{--mat-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent)}html{--mat-option-selected-state-label-text-color:#673ab7;--mat-option-label-text-color:rgba(0, 0, 0, .87);--mat-option-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-option-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-option-selected-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent)}html{--mat-optgroup-label-text-color:rgba(0, 0, 0, .87)}html{--mat-pseudo-checkbox-full-selected-icon-color:#ffa000;--mat-pseudo-checkbox-full-selected-checkmark-color:#fafafa;--mat-pseudo-checkbox-full-unselected-icon-color:rgba(0, 0, 0, .54);--mat-pseudo-checkbox-full-disabled-selected-checkmark-color:#fafafa;--mat-pseudo-checkbox-full-disabled-unselected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-pseudo-checkbox-full-disabled-selected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-pseudo-checkbox-minimal-selected-checkmark-color:#ffa000;--mat-pseudo-checkbox-minimal-disabled-selected-checkmark-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent)}html{--mat-card-elevated-container-shape:4px;--mat-card-outlined-container-shape:4px;--mat-card-filled-container-shape:4px;--mat-card-outlined-outline-width:1px}html{--mat-card-elevated-container-color:white;--mat-card-elevated-container-elevation:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-card-outlined-container-color:white;--mat-card-outlined-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-card-outlined-outline-color:rgba(0, 0, 0, .12);--mat-card-subtitle-text-color:rgba(0, 0, 0, .54);--mat-card-filled-container-color:white;--mat-card-filled-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12)}html{--mat-progress-bar-active-indicator-height:4px;--mat-progress-bar-track-height:4px;--mat-progress-bar-track-shape:0}html{--mat-tooltip-container-shape:4px;--mat-tooltip-supporting-text-line-height:16px}html{--mat-tooltip-container-color:#424242;--mat-tooltip-supporting-text-color:white}html{--mat-form-field-filled-active-indicator-height:1px;--mat-form-field-filled-focus-active-indicator-height:2px;--mat-form-field-filled-container-shape:4px;--mat-form-field-outlined-outline-width:1px;--mat-form-field-outlined-focus-outline-width:2px;--mat-form-field-outlined-container-shape:4px}html{--mat-form-field-focus-select-arrow-color:color-mix(in srgb, #673ab7 87%, transparent);--mat-form-field-filled-caret-color:#673ab7;--mat-form-field-filled-focus-active-indicator-color:#673ab7;--mat-form-field-filled-focus-label-text-color:color-mix(in srgb, #673ab7 87%, transparent);--mat-form-field-outlined-caret-color:#673ab7;--mat-form-field-outlined-focus-outline-color:#673ab7;--mat-form-field-outlined-focus-label-text-color:color-mix(in srgb, #673ab7 87%, transparent);--mat-form-field-disabled-input-text-placeholder-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-state-layer-color:rgba(0, 0, 0, .87);--mat-form-field-error-text-color:#f44336;--mat-form-field-select-option-text-color:inherit;--mat-form-field-select-disabled-option-text-color:GrayText;--mat-form-field-leading-icon-color:unset;--mat-form-field-disabled-leading-icon-color:unset;--mat-form-field-trailing-icon-color:unset;--mat-form-field-disabled-trailing-icon-color:unset;--mat-form-field-error-focus-trailing-icon-color:unset;--mat-form-field-error-hover-trailing-icon-color:unset;--mat-form-field-error-trailing-icon-color:unset;--mat-form-field-enabled-select-arrow-color:rgba(0, 0, 0, .54);--mat-form-field-disabled-select-arrow-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-hover-state-layer-opacity:.04;--mat-form-field-focus-state-layer-opacity:.12;--mat-form-field-filled-container-color:#f6f6f6;--mat-form-field-filled-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-form-field-filled-label-text-color:rgba(0, 0, 0, .54);--mat-form-field-filled-hover-label-text-color:rgba(0, 0, 0, .54);--mat-form-field-filled-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-filled-input-text-color:rgba(0, 0, 0, .87);--mat-form-field-filled-disabled-input-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-filled-input-text-placeholder-color:rgba(0, 0, 0, .54);--mat-form-field-filled-error-hover-label-text-color:#f44336;--mat-form-field-filled-error-focus-label-text-color:#f44336;--mat-form-field-filled-error-label-text-color:#f44336;--mat-form-field-filled-error-caret-color:#f44336;--mat-form-field-filled-active-indicator-color:rgba(0, 0, 0, .54);--mat-form-field-filled-disabled-active-indicator-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-form-field-filled-hover-active-indicator-color:rgba(0, 0, 0, .87);--mat-form-field-filled-error-active-indicator-color:#f44336;--mat-form-field-filled-error-focus-active-indicator-color:#f44336;--mat-form-field-filled-error-hover-active-indicator-color:#f44336;--mat-form-field-outlined-label-text-color:rgba(0, 0, 0, .54);--mat-form-field-outlined-hover-label-text-color:rgba(0, 0, 0, .87);--mat-form-field-outlined-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-outlined-input-text-color:rgba(0, 0, 0, .87);--mat-form-field-outlined-disabled-input-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-outlined-input-text-placeholder-color:rgba(0, 0, 0, .54);--mat-form-field-outlined-error-caret-color:#f44336;--mat-form-field-outlined-error-focus-label-text-color:#f44336;--mat-form-field-outlined-error-label-text-color:#f44336;--mat-form-field-outlined-error-hover-label-text-color:#f44336;--mat-form-field-outlined-outline-color:rgba(0, 0, 0, .38);--mat-form-field-outlined-disabled-outline-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-form-field-outlined-hover-outline-color:rgba(0, 0, 0, .87);--mat-form-field-outlined-error-focus-outline-color:#f44336;--mat-form-field-outlined-error-hover-outline-color:#f44336;--mat-form-field-outlined-error-outline-color:#f44336}html{--mat-form-field-container-height:56px;--mat-form-field-filled-label-display:block;--mat-form-field-container-vertical-padding:16px;--mat-form-field-filled-with-label-container-padding-top:24px;--mat-form-field-filled-with-label-container-padding-bottom:8px}html{--mat-select-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-select-panel-background-color:white;--mat-select-enabled-trigger-text-color:rgba(0, 0, 0, .87);--mat-select-disabled-trigger-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-select-placeholder-text-color:rgba(0, 0, 0, .54);--mat-select-enabled-arrow-color:rgba(0, 0, 0, .54);--mat-select-disabled-arrow-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-select-focused-arrow-color:#673ab7;--mat-select-invalid-arrow-color:#f44336}html{--mat-select-arrow-transform:translateY(-8px)}html{--mat-autocomplete-container-shape:4px;--mat-autocomplete-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-autocomplete-background-color:white}html{--mat-dialog-container-shape:4px;--mat-dialog-container-elevation-shadow:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12);--mat-dialog-container-max-width:80vw;--mat-dialog-container-small-max-width:80vw;--mat-dialog-container-min-width:0;--mat-dialog-actions-alignment:start;--mat-dialog-actions-padding:8px;--mat-dialog-content-padding:20px 24px;--mat-dialog-with-actions-content-padding:20px 24px;--mat-dialog-headline-padding:0 24px 9px}html{--mat-dialog-container-color:white;--mat-dialog-subhead-color:rgba(0, 0, 0, .87);--mat-dialog-supporting-text-color:rgba(0, 0, 0, .54)}html{--mat-slide-toggle-disabled-handle-opacity:.38;--mat-slide-toggle-disabled-selected-handle-opacity:.38;--mat-slide-toggle-disabled-selected-icon-opacity:.38;--mat-slide-toggle-disabled-track-opacity:.12;--mat-slide-toggle-disabled-unselected-handle-opacity:.38;--mat-slide-toggle-disabled-unselected-icon-opacity:.38;--mat-slide-toggle-disabled-unselected-track-outline-color:transparent;--mat-slide-toggle-disabled-unselected-track-outline-width:1px;--mat-slide-toggle-handle-height:20px;--mat-slide-toggle-handle-shape:10px;--mat-slide-toggle-handle-width:20px;--mat-slide-toggle-hidden-track-opacity:1;--mat-slide-toggle-hidden-track-transition:transform 75ms 0ms cubic-bezier(.4, 0, .6, 1);--mat-slide-toggle-pressed-handle-size:20px;--mat-slide-toggle-selected-focus-state-layer-opacity:.12;--mat-slide-toggle-selected-handle-horizontal-margin:0;--mat-slide-toggle-selected-handle-size:20px;--mat-slide-toggle-selected-hover-state-layer-opacity:.04;--mat-slide-toggle-selected-icon-size:18px;--mat-slide-toggle-selected-pressed-handle-horizontal-margin:0;--mat-slide-toggle-selected-pressed-state-layer-opacity:.12;--mat-slide-toggle-selected-track-outline-color:transparent;--mat-slide-toggle-selected-track-outline-width:1px;--mat-slide-toggle-selected-with-icon-handle-horizontal-margin:0;--mat-slide-toggle-track-height:14px;--mat-slide-toggle-track-outline-color:transparent;--mat-slide-toggle-track-outline-width:1px;--mat-slide-toggle-track-shape:7px;--mat-slide-toggle-track-width:36px;--mat-slide-toggle-unselected-focus-state-layer-opacity:.12;--mat-slide-toggle-unselected-handle-horizontal-margin:0;--mat-slide-toggle-unselected-handle-size:20px;--mat-slide-toggle-unselected-hover-state-layer-opacity:.12;--mat-slide-toggle-unselected-icon-size:18px;--mat-slide-toggle-unselected-pressed-handle-horizontal-margin:0;--mat-slide-toggle-unselected-pressed-state-layer-opacity:.1;--mat-slide-toggle-unselected-with-icon-handle-horizontal-margin:0;--mat-slide-toggle-visible-track-opacity:1;--mat-slide-toggle-visible-track-transition:transform 75ms 0ms cubic-bezier(0, 0, .2, 1);--mat-slide-toggle-with-icon-handle-size:20px;--mat-slide-toggle-touch-target-size:48px}html{--mat-slide-toggle-selected-icon-color:white;--mat-slide-toggle-disabled-selected-icon-color:white;--mat-slide-toggle-selected-focus-state-layer-color:#673ab7;--mat-slide-toggle-selected-handle-color:#673ab7;--mat-slide-toggle-selected-hover-state-layer-color:#673ab7;--mat-slide-toggle-selected-pressed-state-layer-color:#673ab7;--mat-slide-toggle-selected-focus-handle-color:#673ab7;--mat-slide-toggle-selected-hover-handle-color:#673ab7;--mat-slide-toggle-selected-pressed-handle-color:#673ab7;--mat-slide-toggle-selected-focus-track-color:#9575cd;--mat-slide-toggle-selected-hover-track-color:#9575cd;--mat-slide-toggle-selected-pressed-track-color:#9575cd;--mat-slide-toggle-selected-track-color:#9575cd;--mat-slide-toggle-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-slide-toggle-disabled-handle-elevation-shadow:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-disabled-selected-handle-color:rgba(0, 0, 0, .87);--mat-slide-toggle-disabled-selected-track-color:rgba(0, 0, 0, .87);--mat-slide-toggle-disabled-unselected-handle-color:rgba(0, 0, 0, .87);--mat-slide-toggle-disabled-unselected-icon-color:#f6f6f6;--mat-slide-toggle-disabled-unselected-track-color:rgba(0, 0, 0, .87);--mat-slide-toggle-handle-elevation-shadow:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-handle-surface-color:white;--mat-slide-toggle-label-text-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-hover-handle-color:#424242;--mat-slide-toggle-unselected-focus-handle-color:#424242;--mat-slide-toggle-unselected-focus-state-layer-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-focus-track-color:rgba(0, 0, 0, .12);--mat-slide-toggle-unselected-icon-color:#f6f6f6;--mat-slide-toggle-unselected-handle-color:rgba(0, 0, 0, .54);--mat-slide-toggle-unselected-hover-state-layer-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-hover-track-color:rgba(0, 0, 0, .12);--mat-slide-toggle-unselected-pressed-handle-color:#424242;--mat-slide-toggle-unselected-pressed-track-color:rgba(0, 0, 0, .12);--mat-slide-toggle-unselected-pressed-state-layer-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-track-color:rgba(0, 0, 0, .12)}html{--mat-slide-toggle-state-layer-size:40px;--mat-slide-toggle-touch-target-display:block}html{--mat-radio-disabled-selected-icon-opacity:.38;--mat-radio-disabled-unselected-icon-opacity:.38;--mat-radio-state-layer-size:40px;--mat-radio-touch-target-size:48px}html{--mat-radio-state-layer-size:40px;--mat-radio-touch-target-display:block}html{--mat-slider-active-track-height:6px;--mat-slider-active-track-shape:9999px;--mat-slider-handle-elevation:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-slider-handle-height:20px;--mat-slider-handle-shape:50%;--mat-slider-handle-width:20px;--mat-slider-inactive-track-height:4px;--mat-slider-inactive-track-shape:9999px;--mat-slider-value-indicator-border-radius:4px;--mat-slider-value-indicator-caret-display:block;--mat-slider-value-indicator-container-transform:translateX(-50%);--mat-slider-value-indicator-height:32px;--mat-slider-value-indicator-padding:0 12px;--mat-slider-value-indicator-text-transform:none;--mat-slider-value-indicator-width:auto;--mat-slider-with-overlap-handle-outline-width:1px;--mat-slider-with-tick-marks-active-container-opacity:.6;--mat-slider-with-tick-marks-container-shape:50%;--mat-slider-with-tick-marks-container-size:2px;--mat-slider-with-tick-marks-inactive-container-opacity:.6}html{--mat-slider-active-track-color:#673ab7;--mat-slider-focus-handle-color:#673ab7;--mat-slider-handle-color:#673ab7;--mat-slider-hover-handle-color:#673ab7;--mat-slider-focus-state-layer-color:color-mix(in srgb, #673ab7 12%, transparent);--mat-slider-hover-state-layer-color:color-mix(in srgb, #673ab7 4%, transparent);--mat-slider-inactive-track-color:#673ab7;--mat-slider-ripple-color:#673ab7;--mat-slider-with-tick-marks-active-container-color:white;--mat-slider-with-tick-marks-inactive-container-color:#673ab7;--mat-slider-disabled-active-track-color:rgba(0, 0, 0, .87);--mat-slider-disabled-handle-color:rgba(0, 0, 0, .87);--mat-slider-disabled-inactive-track-color:rgba(0, 0, 0, .87);--mat-slider-label-container-color:#424242;--mat-slider-label-label-text-color:white;--mat-slider-value-indicator-opacity:1;--mat-slider-with-overlap-handle-outline-color:rgba(0, 0, 0, .87);--mat-slider-with-tick-marks-disabled-container-color:rgba(0, 0, 0, .87)}html{--mat-menu-container-shape:4px;--mat-menu-divider-bottom-spacing:0;--mat-menu-divider-top-spacing:0;--mat-menu-item-spacing:16px;--mat-menu-item-icon-size:24px;--mat-menu-item-leading-spacing:16px;--mat-menu-item-trailing-spacing:16px;--mat-menu-item-with-icon-leading-spacing:16px;--mat-menu-item-with-icon-trailing-spacing:16px;--mat-menu-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-menu-item-label-text-color:rgba(0, 0, 0, .87);--mat-menu-item-icon-color:rgba(0, 0, 0, .87);--mat-menu-item-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-menu-item-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-menu-container-color:white;--mat-menu-divider-color:rgba(0, 0, 0, .12)}html{--mat-list-active-indicator-color:transparent;--mat-list-active-indicator-shape:4px;--mat-list-list-item-container-shape:0;--mat-list-list-item-leading-avatar-shape:50%;--mat-list-list-item-container-color:transparent;--mat-list-list-item-selected-container-color:transparent;--mat-list-list-item-leading-avatar-color:transparent;--mat-list-list-item-leading-icon-size:24px;--mat-list-list-item-leading-avatar-size:40px;--mat-list-list-item-trailing-icon-size:24px;--mat-list-list-item-disabled-state-layer-color:transparent;--mat-list-list-item-disabled-state-layer-opacity:0;--mat-list-list-item-disabled-label-text-opacity:.38;--mat-list-list-item-disabled-leading-icon-opacity:.38;--mat-list-list-item-disabled-trailing-icon-opacity:.38}html{--mat-list-list-item-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-supporting-text-color:rgba(0, 0, 0, .54);--mat-list-list-item-leading-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-trailing-supporting-text-color:rgba(0, 0, 0, .54);--mat-list-list-item-trailing-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-selected-trailing-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-disabled-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-disabled-leading-icon-color:rgba(0, 0, 0, .87);--mat-list-list-item-disabled-trailing-icon-color:rgba(0, 0, 0, .87);--mat-list-list-item-hover-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-hover-leading-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-hover-state-layer-color:rgba(0, 0, 0, .87);--mat-list-list-item-hover-state-layer-opacity:.04;--mat-list-list-item-hover-trailing-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-focus-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-focus-state-layer-color:rgba(0, 0, 0, .87);--mat-list-list-item-focus-state-layer-opacity:.12}html{--mat-list-list-item-leading-icon-start-space:16px;--mat-list-list-item-leading-icon-end-space:32px;--mat-list-list-item-one-line-container-height:48px;--mat-list-list-item-two-line-container-height:64px;--mat-list-list-item-three-line-container-height:88px}html{--mat-paginator-page-size-select-width:84px;--mat-paginator-page-size-select-touch-target-height:48px}html{--mat-paginator-container-text-color:rgba(0, 0, 0, .87);--mat-paginator-container-background-color:white;--mat-paginator-enabled-icon-color:rgba(0, 0, 0, .54);--mat-paginator-disabled-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent)}html{--mat-paginator-container-size:56px;--mat-paginator-form-field-container-height:40px;--mat-paginator-form-field-container-vertical-padding:8px;--mat-paginator-touch-target-display:block}html{--mat-tab-container-height:48px;--mat-tab-divider-color:transparent;--mat-tab-divider-height:0;--mat-tab-active-indicator-height:2px;--mat-tab-active-indicator-shape:0}html{--mat-checkbox-disabled-selected-checkmark-color:white;--mat-checkbox-selected-focus-state-layer-opacity:.12;--mat-checkbox-selected-hover-state-layer-opacity:.04;--mat-checkbox-selected-pressed-state-layer-opacity:.12;--mat-checkbox-unselected-focus-state-layer-opacity:.12;--mat-checkbox-unselected-hover-state-layer-opacity:.04;--mat-checkbox-unselected-pressed-state-layer-opacity:.12;--mat-checkbox-touch-target-size:48px}html{--mat-checkbox-disabled-label-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-checkbox-label-text-color:rgba(0, 0, 0, .87);--mat-checkbox-disabled-selected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-checkbox-disabled-unselected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-checkbox-selected-checkmark-color:rgba(0, 0, 0, .87);--mat-checkbox-selected-focus-icon-color:#ffa000;--mat-checkbox-selected-hover-icon-color:#ffa000;--mat-checkbox-selected-icon-color:#ffa000;--mat-checkbox-selected-pressed-icon-color:#ffa000;--mat-checkbox-unselected-focus-icon-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-hover-icon-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-icon-color:rgba(0, 0, 0, .54);--mat-checkbox-selected-focus-state-layer-color:#ffa000;--mat-checkbox-selected-hover-state-layer-color:#ffa000;--mat-checkbox-selected-pressed-state-layer-color:#ffa000;--mat-checkbox-unselected-focus-state-layer-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-hover-state-layer-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-pressed-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-checkbox-touch-target-display:block;--mat-checkbox-state-layer-size:40px}html{--mat-button-filled-container-shape:4px;--mat-button-filled-horizontal-padding:16px;--mat-button-filled-icon-offset:-4px;--mat-button-filled-icon-spacing:8px;--mat-button-filled-touch-target-size:48px;--mat-button-outlined-container-shape:4px;--mat-button-outlined-horizontal-padding:15px;--mat-button-outlined-icon-offset:-4px;--mat-button-outlined-icon-spacing:8px;--mat-button-outlined-keep-touch-target:false;--mat-button-outlined-outline-width:1px;--mat-button-outlined-touch-target-size:48px;--mat-button-protected-container-elevation-shadow:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-button-protected-container-shape:4px;--mat-button-protected-disabled-container-elevation-shadow:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-button-protected-focus-container-elevation-shadow:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-button-protected-horizontal-padding:16px;--mat-button-protected-hover-container-elevation-shadow:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-button-protected-icon-offset:-4px;--mat-button-protected-icon-spacing:8px;--mat-button-protected-pressed-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-button-protected-touch-target-size:48px;--mat-button-text-container-shape:4px;--mat-button-text-horizontal-padding:8px;--mat-button-text-icon-offset:0;--mat-button-text-icon-spacing:8px;--mat-button-text-with-icon-horizontal-padding:8px;--mat-button-text-touch-target-size:48px;--mat-button-tonal-container-shape:4px;--mat-button-tonal-horizontal-padding:16px;--mat-button-tonal-icon-offset:-4px;--mat-button-tonal-icon-spacing:8px;--mat-button-tonal-touch-target-size:48px}html{--mat-button-filled-container-color:white;--mat-button-filled-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-filled-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-filled-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-filled-focus-state-layer-opacity:.12;--mat-button-filled-hover-state-layer-opacity:.04;--mat-button-filled-label-text-color:rgba(0, 0, 0, .87);--mat-button-filled-pressed-state-layer-opacity:.12;--mat-button-filled-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-filled-state-layer-color:rgba(0, 0, 0, .87);--mat-button-outlined-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-outlined-disabled-outline-color:rgba(0, 0, 0, .12);--mat-button-outlined-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-outlined-focus-state-layer-opacity:.12;--mat-button-outlined-hover-state-layer-opacity:.04;--mat-button-outlined-label-text-color:rgba(0, 0, 0, .87);--mat-button-outlined-outline-color:rgba(0, 0, 0, .12);--mat-button-outlined-pressed-state-layer-opacity:.12;--mat-button-outlined-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-outlined-state-layer-color:rgba(0, 0, 0, .87);--mat-button-protected-container-color:white;--mat-button-protected-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-protected-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-protected-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-protected-focus-state-layer-opacity:.12;--mat-button-protected-hover-state-layer-opacity:.04;--mat-button-protected-label-text-color:rgba(0, 0, 0, .87);--mat-button-protected-pressed-state-layer-opacity:.12;--mat-button-protected-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-protected-state-layer-color:rgba(0, 0, 0, .87);--mat-button-text-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-text-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-text-focus-state-layer-opacity:.12;--mat-button-text-hover-state-layer-opacity:.04;--mat-button-text-label-text-color:rgba(0, 0, 0, .87);--mat-button-text-pressed-state-layer-opacity:.12;--mat-button-text-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-text-state-layer-color:rgba(0, 0, 0, .87);--mat-button-tonal-container-color:white;--mat-button-tonal-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-tonal-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-tonal-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-tonal-focus-state-layer-opacity:.12;--mat-button-tonal-hover-state-layer-opacity:.04;--mat-button-tonal-label-text-color:rgba(0, 0, 0, .87);--mat-button-tonal-pressed-state-layer-opacity:.12;--mat-button-tonal-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-tonal-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-button-filled-container-height:36px;--mat-button-filled-touch-target-display:block;--mat-button-outlined-container-height:36px;--mat-button-outlined-touch-target-display:block;--mat-button-protected-container-height:36px;--mat-button-protected-touch-target-display:block;--mat-button-text-container-height:36px;--mat-button-text-touch-target-display:block;--mat-button-tonal-container-height:36px;--mat-button-tonal-touch-target-display:block}html{--mat-icon-button-icon-size:24px;--mat-icon-button-container-shape:50%;--mat-icon-button-touch-target-size:48px}html{--mat-icon-button-disabled-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-icon-button-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-icon-button-focus-state-layer-opacity:.12;--mat-icon-button-hover-state-layer-opacity:.04;--mat-icon-button-icon-color:inherit;--mat-icon-button-pressed-state-layer-opacity:.12;--mat-icon-button-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-icon-button-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-icon-button-touch-target-display:block}html{--mat-fab-container-elevation-shadow:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-fab-container-shape:50%;--mat-fab-touch-target-size:48px;--mat-fab-extended-container-elevation-shadow:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-fab-extended-container-height:48px;--mat-fab-extended-container-shape:24px;--mat-fab-extended-focus-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-extended-hover-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-extended-pressed-container-elevation-shadow:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-fab-focus-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-hover-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-pressed-container-elevation-shadow:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-fab-small-container-elevation-shadow:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-fab-small-container-shape:50%;--mat-fab-small-touch-target-size:48px;--mat-fab-small-focus-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-small-hover-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-small-pressed-container-elevation-shadow:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12)}html{--mat-fab-container-color:white;--mat-fab-disabled-state-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-disabled-state-foreground-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-fab-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-fab-focus-state-layer-opacity:.12;--mat-fab-foreground-color:rgba(0, 0, 0, .87);--mat-fab-hover-state-layer-opacity:.04;--mat-fab-pressed-state-layer-opacity:.12;--mat-fab-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-small-container-color:white;--mat-fab-small-disabled-state-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-small-disabled-state-foreground-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-fab-small-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-fab-small-focus-state-layer-opacity:.12;--mat-fab-small-foreground-color:rgba(0, 0, 0, .87);--mat-fab-small-hover-state-layer-opacity:.04;--mat-fab-small-pressed-state-layer-opacity:.12;--mat-fab-small-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-small-state-layer-color:rgba(0, 0, 0, .87);--mat-fab-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-fab-small-touch-target-display:block;--mat-fab-touch-target-display:block}html{--mat-snack-bar-container-shape:4px}html{--mat-snack-bar-container-color:#424242;--mat-snack-bar-supporting-text-color:white;--mat-snack-bar-button-color:#9575cd}html{--mat-table-row-item-outline-width:1px}html{--mat-table-background-color:white;--mat-table-header-headline-color:rgba(0, 0, 0, .87);--mat-table-row-item-label-text-color:rgba(0, 0, 0, .87);--mat-table-row-item-outline-color:rgba(0, 0, 0, .12)}html{--mat-table-header-container-height:56px;--mat-table-footer-container-height:52px;--mat-table-row-item-container-height:52px}html{--mat-progress-spinner-active-indicator-width:4px;--mat-progress-spinner-size:48px}html{--mat-progress-spinner-active-indicator-color:#673ab7}html{--mat-badge-container-shape:50%;--mat-badge-container-size:unset;--mat-badge-small-size-container-size:unset;--mat-badge-large-size-container-size:unset;--mat-badge-legacy-container-size:22px;--mat-badge-legacy-small-size-container-size:16px;--mat-badge-legacy-large-size-container-size:28px;--mat-badge-container-offset:-11px 0;--mat-badge-small-size-container-offset:-8px 0;--mat-badge-large-size-container-offset:-14px 0;--mat-badge-container-overlap-offset:-11px;--mat-badge-small-size-container-overlap-offset:-8px;--mat-badge-large-size-container-overlap-offset:-14px;--mat-badge-container-padding:0;--mat-badge-small-size-container-padding:0;--mat-badge-large-size-container-padding:0}html{--mat-badge-background-color:#673ab7;--mat-badge-text-color:white;--mat-badge-disabled-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-badge-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent)}html{--mat-bottom-sheet-container-shape:4px}html{--mat-bottom-sheet-container-text-color:rgba(0, 0, 0, .87);--mat-bottom-sheet-container-background-color:white}html{--mat-button-toggle-focus-state-layer-opacity:.12;--mat-button-toggle-hover-state-layer-opacity:.04;--mat-button-toggle-legacy-focus-state-layer-opacity:1;--mat-button-toggle-legacy-height:36px;--mat-button-toggle-legacy-shape:2px;--mat-button-toggle-shape:4px}html{--mat-button-toggle-background-color:white;--mat-button-toggle-disabled-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-disabled-selected-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-toggle-disabled-state-background-color:white;--mat-button-toggle-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-toggle-divider-color:rgba(0, 0, 0, .12);--mat-button-toggle-legacy-disabled-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-legacy-disabled-state-background-color:white;--mat-button-toggle-legacy-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-toggle-legacy-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-legacy-selected-state-text-color:rgba(0, 0, 0, .87);--mat-button-toggle-legacy-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-legacy-text-color:rgba(0, 0, 0, .87);--mat-button-toggle-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-selected-state-text-color:rgba(0, 0, 0, .87);--mat-button-toggle-state-layer-color:rgba(0, 0, 0, .87);--mat-button-toggle-text-color:rgba(0, 0, 0, .87)}html{--mat-button-toggle-height:48px}html{--mat-datepicker-calendar-container-shape:4px;--mat-datepicker-calendar-container-touch-shape:4px;--mat-datepicker-calendar-container-elevation-shadow:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-datepicker-calendar-container-touch-elevation-shadow:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12)}html{--mat-datepicker-calendar-date-in-range-state-background-color:color-mix(in srgb, #673ab7 20%, transparent);--mat-datepicker-calendar-date-in-comparison-range-state-background-color:color-mix(in srgb, #ffa000 20%, transparent);--mat-datepicker-calendar-date-in-overlap-range-state-background-color:#a8dab5;--mat-datepicker-calendar-date-in-overlap-range-selected-state-background-color:rgb(69.5241935484, 163.4758064516, 93.9516129032);--mat-datepicker-calendar-date-selected-state-text-color:white;--mat-datepicker-calendar-date-selected-state-background-color:#673ab7;--mat-datepicker-calendar-date-selected-disabled-state-background-color:color-mix(in srgb, #673ab7 38%, transparent);--mat-datepicker-calendar-date-today-selected-state-outline-color:white;--mat-datepicker-calendar-date-focus-state-background-color:color-mix(in srgb, #673ab7 12%, transparent);--mat-datepicker-calendar-date-hover-state-background-color:color-mix(in srgb, #673ab7 4%, transparent);--mat-datepicker-toggle-active-state-icon-color:#673ab7;--mat-datepicker-toggle-icon-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-body-label-text-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-period-button-text-color:rgba(0, 0, 0, .87);--mat-datepicker-calendar-period-button-icon-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-navigation-button-icon-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-header-divider-color:rgba(0, 0, 0, .12);--mat-datepicker-calendar-header-text-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-date-today-outline-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-date-today-disabled-state-outline-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-calendar-date-text-color:rgba(0, 0, 0, .87);--mat-datepicker-calendar-date-outline-color:transparent;--mat-datepicker-calendar-date-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-calendar-date-preview-state-outline-color:rgba(0, 0, 0, .54);--mat-datepicker-range-input-separator-color:rgba(0, 0, 0, .87);--mat-datepicker-range-input-disabled-state-separator-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-range-input-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-calendar-container-background-color:white;--mat-datepicker-calendar-container-text-color:rgba(0, 0, 0, .87)}html{--mat-divider-width:1px}html{--mat-divider-color:rgba(0, 0, 0, .12)}html{--mat-expansion-container-shape:4px;--mat-expansion-container-elevation-shadow:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-expansion-legacy-header-indicator-display:inline-block;--mat-expansion-header-indicator-display:none}html{--mat-expansion-container-background-color:white;--mat-expansion-container-text-color:rgba(0, 0, 0, .87);--mat-expansion-actions-divider-color:rgba(0, 0, 0, .12);--mat-expansion-header-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-expansion-header-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-expansion-header-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-expansion-header-text-color:rgba(0, 0, 0, .87);--mat-expansion-header-description-color:rgba(0, 0, 0, .54);--mat-expansion-header-indicator-color:rgba(0, 0, 0, .54)}html{--mat-expansion-header-collapsed-state-height:48px;--mat-expansion-header-expanded-state-height:64px}html{--mat-icon-color:inherit}html{--mat-sidenav-container-shape:0;--mat-sidenav-container-elevation-shadow:0px 8px 10px -5px rgba(0, 0, 0, .2), 0px 16px 24px 2px rgba(0, 0, 0, .14), 0px 6px 30px 5px rgba(0, 0, 0, .12);--mat-sidenav-container-width:auto}html{--mat-sidenav-container-divider-color:rgba(0, 0, 0, .12);--mat-sidenav-container-background-color:white;--mat-sidenav-container-text-color:rgba(0, 0, 0, .87);--mat-sidenav-content-background-color:#fafafa;--mat-sidenav-content-text-color:rgba(0, 0, 0, .87);--mat-sidenav-scrim-color:rgba(0, 0, 0, .6)}html{--mat-stepper-header-focus-state-layer-shape:0;--mat-stepper-header-hover-state-layer-shape:0}html{--mat-stepper-header-icon-foreground-color:white;--mat-stepper-header-selected-state-icon-background-color:#673ab7;--mat-stepper-header-selected-state-icon-foreground-color:white;--mat-stepper-header-done-state-icon-background-color:#673ab7;--mat-stepper-header-done-state-icon-foreground-color:white;--mat-stepper-header-edit-state-icon-background-color:#673ab7;--mat-stepper-header-edit-state-icon-foreground-color:white;--mat-stepper-container-color:white;--mat-stepper-line-color:rgba(0, 0, 0, .12);--mat-stepper-header-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-stepper-header-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-stepper-header-label-text-color:rgba(0, 0, 0, .54);--mat-stepper-header-optional-label-text-color:rgba(0, 0, 0, .54);--mat-stepper-header-selected-state-label-text-color:rgba(0, 0, 0, .87);--mat-stepper-header-error-state-label-text-color:#f44336;--mat-stepper-header-icon-background-color:rgba(0, 0, 0, .54);--mat-stepper-header-error-state-icon-foreground-color:#f44336;--mat-stepper-header-error-state-icon-background-color:transparent}html{--mat-stepper-header-height:72px}html{--mat-sort-arrow-color:rgba(0, 0, 0, .87)}html{--mat-toolbar-container-background-color:white;--mat-toolbar-container-text-color:rgba(0, 0, 0, .87)}html{--mat-toolbar-standard-height:64px;--mat-toolbar-mobile-height:56px}html{--mat-tree-container-background-color:white;--mat-tree-node-text-color:rgba(0, 0, 0, .87)}html{--mat-tree-node-min-height:48px}html{--mat-timepicker-container-shape:4px;--mat-timepicker-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-timepicker-container-background-color:white}.bluegrey-lightgreen-theme{--mat-app-background-color:#303030;--mat-app-text-color:white;--mat-app-elevation-shadow-level-0:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-1:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-2:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-3:0px 3px 3px -2px rgba(0, 0, 0, .2), 0px 3px 4px 0px rgba(0, 0, 0, .14), 0px 1px 8px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-4:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-5:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 5px 8px 0px rgba(0, 0, 0, .14), 0px 1px 14px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-6:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-7:0px 4px 5px -2px rgba(0, 0, 0, .2), 0px 7px 10px 1px rgba(0, 0, 0, .14), 0px 2px 16px 1px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-8:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-9:0px 5px 6px -3px rgba(0, 0, 0, .2), 0px 9px 12px 1px rgba(0, 0, 0, .14), 0px 3px 16px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-10:0px 6px 6px -3px rgba(0, 0, 0, .2), 0px 10px 14px 1px rgba(0, 0, 0, .14), 0px 4px 18px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-11:0px 6px 7px -4px rgba(0, 0, 0, .2), 0px 11px 15px 1px rgba(0, 0, 0, .14), 0px 4px 20px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-12:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-13:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 13px 19px 2px rgba(0, 0, 0, .14), 0px 5px 24px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-14:0px 7px 9px -4px rgba(0, 0, 0, .2), 0px 14px 21px 2px rgba(0, 0, 0, .14), 0px 5px 26px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-15:0px 8px 9px -5px rgba(0, 0, 0, .2), 0px 15px 22px 2px rgba(0, 0, 0, .14), 0px 6px 28px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-16:0px 8px 10px -5px rgba(0, 0, 0, .2), 0px 16px 24px 2px rgba(0, 0, 0, .14), 0px 6px 30px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-17:0px 8px 11px -5px rgba(0, 0, 0, .2), 0px 17px 26px 2px rgba(0, 0, 0, .14), 0px 6px 32px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-18:0px 9px 11px -5px rgba(0, 0, 0, .2), 0px 18px 28px 2px rgba(0, 0, 0, .14), 0px 7px 34px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-19:0px 9px 12px -6px rgba(0, 0, 0, .2), 0px 19px 29px 2px rgba(0, 0, 0, .14), 0px 7px 36px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-20:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 20px 31px 3px rgba(0, 0, 0, .14), 0px 8px 38px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-21:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 21px 33px 3px rgba(0, 0, 0, .14), 0px 8px 40px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-22:0px 10px 14px -6px rgba(0, 0, 0, .2), 0px 22px 35px 3px rgba(0, 0, 0, .14), 0px 8px 42px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-23:0px 11px 14px -7px rgba(0, 0, 0, .2), 0px 23px 36px 3px rgba(0, 0, 0, .14), 0px 9px 44px 8px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-24:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12);--mat-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-option-selected-state-label-text-color:#546e7a;--mat-option-label-text-color:white;--mat-option-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-option-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-option-selected-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-optgroup-label-text-color:white;--mat-pseudo-checkbox-full-selected-icon-color:#689f38;--mat-pseudo-checkbox-full-selected-checkmark-color:#303030;--mat-pseudo-checkbox-full-unselected-icon-color:rgba(255, 255, 255, .7);--mat-pseudo-checkbox-full-disabled-selected-checkmark-color:#303030;--mat-pseudo-checkbox-full-disabled-unselected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-pseudo-checkbox-full-disabled-selected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-pseudo-checkbox-minimal-selected-checkmark-color:#689f38;--mat-pseudo-checkbox-minimal-disabled-selected-checkmark-color:color-mix(in srgb, white 38%, transparent);--mat-card-elevated-container-color:#424242;--mat-card-elevated-container-elevation:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-card-outlined-container-color:#424242;--mat-card-outlined-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-card-outlined-outline-color:rgba(255, 255, 255, .12);--mat-card-subtitle-text-color:rgba(255, 255, 255, .7);--mat-card-filled-container-color:#424242;--mat-card-filled-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-tooltip-container-color:white;--mat-tooltip-supporting-text-color:rgba(0, 0, 0, .87);--mat-form-field-focus-select-arrow-color:color-mix(in srgb, #546e7a 87%, transparent);--mat-form-field-filled-caret-color:#546e7a;--mat-form-field-filled-focus-active-indicator-color:#546e7a;--mat-form-field-filled-focus-label-text-color:color-mix(in srgb, #546e7a 87%, transparent);--mat-form-field-outlined-caret-color:#546e7a;--mat-form-field-outlined-focus-outline-color:#546e7a;--mat-form-field-outlined-focus-label-text-color:color-mix(in srgb, #546e7a 87%, transparent);--mat-form-field-disabled-input-text-placeholder-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-state-layer-color:white;--mat-form-field-error-text-color:#ff5722;--mat-form-field-select-option-text-color:rgba(0, 0, 0, .87);--mat-form-field-select-disabled-option-text-color:rgba(0, 0, 0, .38);--mat-form-field-leading-icon-color:unset;--mat-form-field-disabled-leading-icon-color:unset;--mat-form-field-trailing-icon-color:unset;--mat-form-field-disabled-trailing-icon-color:unset;--mat-form-field-error-focus-trailing-icon-color:unset;--mat-form-field-error-hover-trailing-icon-color:unset;--mat-form-field-error-trailing-icon-color:unset;--mat-form-field-enabled-select-arrow-color:rgba(255, 255, 255, .7);--mat-form-field-disabled-select-arrow-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-hover-state-layer-opacity:.04;--mat-form-field-focus-state-layer-opacity:.12;--mat-form-field-filled-container-color:#4a4a4a;--mat-form-field-filled-disabled-container-color:color-mix(in srgb, white 4%, transparent);--mat-form-field-filled-label-text-color:rgba(255, 255, 255, .7);--mat-form-field-filled-hover-label-text-color:rgba(255, 255, 255, .7);--mat-form-field-filled-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-filled-input-text-color:white;--mat-form-field-filled-disabled-input-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-filled-input-text-placeholder-color:rgba(255, 255, 255, .7);--mat-form-field-filled-error-hover-label-text-color:#ff5722;--mat-form-field-filled-error-focus-label-text-color:#ff5722;--mat-form-field-filled-error-label-text-color:#ff5722;--mat-form-field-filled-error-caret-color:#ff5722;--mat-form-field-filled-active-indicator-color:rgba(255, 255, 255, .7);--mat-form-field-filled-disabled-active-indicator-color:color-mix(in srgb, white 12%, transparent);--mat-form-field-filled-hover-active-indicator-color:white;--mat-form-field-filled-error-active-indicator-color:#ff5722;--mat-form-field-filled-error-focus-active-indicator-color:#ff5722;--mat-form-field-filled-error-hover-active-indicator-color:#ff5722;--mat-form-field-outlined-label-text-color:rgba(255, 255, 255, .7);--mat-form-field-outlined-hover-label-text-color:white;--mat-form-field-outlined-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-outlined-input-text-color:white;--mat-form-field-outlined-disabled-input-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-outlined-input-text-placeholder-color:rgba(255, 255, 255, .7);--mat-form-field-outlined-error-caret-color:#ff5722;--mat-form-field-outlined-error-focus-label-text-color:#ff5722;--mat-form-field-outlined-error-label-text-color:#ff5722;--mat-form-field-outlined-error-hover-label-text-color:#ff5722;--mat-form-field-outlined-outline-color:rgba(255, 255, 255, .38);--mat-form-field-outlined-disabled-outline-color:color-mix(in srgb, white 12%, transparent);--mat-form-field-outlined-hover-outline-color:white;--mat-form-field-outlined-error-focus-outline-color:#ff5722;--mat-form-field-outlined-error-hover-outline-color:#ff5722;--mat-form-field-outlined-error-outline-color:#ff5722;--mat-select-panel-background-color:#424242;--mat-select-enabled-trigger-text-color:white;--mat-select-disabled-trigger-text-color:color-mix(in srgb, white 38%, transparent);--mat-select-placeholder-text-color:rgba(255, 255, 255, .7);--mat-select-enabled-arrow-color:rgba(255, 255, 255, .7);--mat-select-disabled-arrow-color:color-mix(in srgb, white 38%, transparent);--mat-select-focused-arrow-color:#546e7a;--mat-select-invalid-arrow-color:#ff5722;--mat-autocomplete-background-color:#424242;--mat-dialog-container-color:#424242;--mat-dialog-subhead-color:white;--mat-dialog-supporting-text-color:rgba(255, 255, 255, .7);--mat-slide-toggle-selected-icon-color:white;--mat-slide-toggle-disabled-selected-icon-color:white;--mat-slide-toggle-selected-focus-state-layer-color:#546e7a;--mat-slide-toggle-selected-handle-color:#546e7a;--mat-slide-toggle-selected-hover-state-layer-color:#546e7a;--mat-slide-toggle-selected-pressed-state-layer-color:#546e7a;--mat-slide-toggle-selected-focus-handle-color:#546e7a;--mat-slide-toggle-selected-hover-handle-color:#546e7a;--mat-slide-toggle-selected-pressed-handle-color:#546e7a;--mat-slide-toggle-selected-focus-track-color:#546e7a;--mat-slide-toggle-selected-hover-track-color:#546e7a;--mat-slide-toggle-selected-pressed-track-color:#546e7a;--mat-slide-toggle-selected-track-color:#546e7a;--mat-slide-toggle-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-slide-toggle-disabled-handle-elevation-shadow:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-disabled-selected-handle-color:white;--mat-slide-toggle-disabled-selected-track-color:white;--mat-slide-toggle-disabled-unselected-handle-color:white;--mat-slide-toggle-disabled-unselected-icon-color:#4a4a4a;--mat-slide-toggle-disabled-unselected-track-color:white;--mat-slide-toggle-handle-elevation-shadow:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-handle-surface-color:#424242;--mat-slide-toggle-label-text-color:white;--mat-slide-toggle-unselected-hover-handle-color:white;--mat-slide-toggle-unselected-focus-handle-color:white;--mat-slide-toggle-unselected-focus-state-layer-color:white;--mat-slide-toggle-unselected-focus-track-color:rgba(255, 255, 255, .12);--mat-slide-toggle-unselected-icon-color:#4a4a4a;--mat-slide-toggle-unselected-handle-color:rgba(255, 255, 255, .7);--mat-slide-toggle-unselected-hover-state-layer-color:white;--mat-slide-toggle-unselected-hover-track-color:rgba(255, 255, 255, .12);--mat-slide-toggle-unselected-pressed-handle-color:white;--mat-slide-toggle-unselected-pressed-track-color:rgba(255, 255, 255, .12);--mat-slide-toggle-unselected-pressed-state-layer-color:white;--mat-slide-toggle-unselected-track-color:rgba(255, 255, 255, .12);--mat-slider-active-track-color:#546e7a;--mat-slider-focus-handle-color:#546e7a;--mat-slider-handle-color:#546e7a;--mat-slider-hover-handle-color:#546e7a;--mat-slider-focus-state-layer-color:color-mix(in srgb, #546e7a 12%, transparent);--mat-slider-hover-state-layer-color:color-mix(in srgb, #546e7a 4%, transparent);--mat-slider-inactive-track-color:#546e7a;--mat-slider-ripple-color:#546e7a;--mat-slider-with-tick-marks-active-container-color:white;--mat-slider-with-tick-marks-inactive-container-color:#546e7a;--mat-slider-disabled-active-track-color:white;--mat-slider-disabled-handle-color:white;--mat-slider-disabled-inactive-track-color:white;--mat-slider-label-container-color:white;--mat-slider-label-label-text-color:rgba(0, 0, 0, .87);--mat-slider-value-indicator-opacity:1;--mat-slider-with-overlap-handle-outline-color:white;--mat-slider-with-tick-marks-disabled-container-color:white;--mat-menu-item-label-text-color:white;--mat-menu-item-icon-color:white;--mat-menu-item-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-menu-item-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-menu-container-color:#424242;--mat-menu-divider-color:rgba(255, 255, 255, .12);--mat-list-list-item-label-text-color:white;--mat-list-list-item-supporting-text-color:rgba(255, 255, 255, .7);--mat-list-list-item-leading-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-trailing-supporting-text-color:rgba(255, 255, 255, .7);--mat-list-list-item-trailing-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-selected-trailing-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-disabled-label-text-color:white;--mat-list-list-item-disabled-leading-icon-color:white;--mat-list-list-item-disabled-trailing-icon-color:white;--mat-list-list-item-hover-label-text-color:white;--mat-list-list-item-hover-leading-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-hover-state-layer-color:white;--mat-list-list-item-hover-state-layer-opacity:.04;--mat-list-list-item-hover-trailing-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-focus-label-text-color:white;--mat-list-list-item-focus-state-layer-color:white;--mat-list-list-item-focus-state-layer-opacity:.12;--mat-paginator-container-text-color:white;--mat-paginator-container-background-color:#424242;--mat-paginator-enabled-icon-color:rgba(255, 255, 255, .7);--mat-paginator-disabled-icon-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-disabled-label-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-label-text-color:white;--mat-checkbox-disabled-selected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-disabled-unselected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-selected-checkmark-color:white;--mat-checkbox-selected-focus-icon-color:#689f38;--mat-checkbox-selected-hover-icon-color:#689f38;--mat-checkbox-selected-icon-color:#689f38;--mat-checkbox-selected-pressed-icon-color:#689f38;--mat-checkbox-unselected-focus-icon-color:white;--mat-checkbox-unselected-hover-icon-color:white;--mat-checkbox-unselected-icon-color:rgba(255, 255, 255, .7);--mat-checkbox-selected-focus-state-layer-color:#689f38;--mat-checkbox-selected-hover-state-layer-color:#689f38;--mat-checkbox-selected-pressed-state-layer-color:#689f38;--mat-checkbox-unselected-focus-state-layer-color:white;--mat-checkbox-unselected-hover-state-layer-color:white;--mat-checkbox-unselected-pressed-state-layer-color:white;--mat-button-filled-container-color:#424242;--mat-button-filled-disabled-container-color:color-mix(in srgb, white 12%, transparent);--mat-button-filled-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-filled-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-filled-focus-state-layer-opacity:.12;--mat-button-filled-hover-state-layer-opacity:.04;--mat-button-filled-label-text-color:white;--mat-button-filled-pressed-state-layer-opacity:.12;--mat-button-filled-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-filled-state-layer-color:white;--mat-button-outlined-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-outlined-disabled-outline-color:rgba(255, 255, 255, .12);--mat-button-outlined-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-outlined-focus-state-layer-opacity:.12;--mat-button-outlined-hover-state-layer-opacity:.04;--mat-button-outlined-label-text-color:white;--mat-button-outlined-outline-color:rgba(255, 255, 255, .12);--mat-button-outlined-pressed-state-layer-opacity:.12;--mat-button-outlined-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-outlined-state-layer-color:white;--mat-button-protected-container-color:#424242;--mat-button-protected-disabled-container-color:color-mix(in srgb, white 12%, transparent);--mat-button-protected-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-protected-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-protected-focus-state-layer-opacity:.12;--mat-button-protected-hover-state-layer-opacity:.04;--mat-button-protected-label-text-color:white;--mat-button-protected-pressed-state-layer-opacity:.12;--mat-button-protected-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-protected-state-layer-color:white;--mat-button-text-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-text-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-text-focus-state-layer-opacity:.12;--mat-button-text-hover-state-layer-opacity:.04;--mat-button-text-label-text-color:white;--mat-button-text-pressed-state-layer-opacity:.12;--mat-button-text-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-text-state-layer-color:white;--mat-button-tonal-container-color:#424242;--mat-button-tonal-disabled-container-color:color-mix(in srgb, white 12%, transparent);--mat-button-tonal-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-tonal-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-tonal-focus-state-layer-opacity:.12;--mat-button-tonal-hover-state-layer-opacity:.04;--mat-button-tonal-label-text-color:white;--mat-button-tonal-pressed-state-layer-opacity:.12;--mat-button-tonal-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-tonal-state-layer-color:white;--mat-icon-button-disabled-icon-color:color-mix(in srgb, white 38%, transparent);--mat-icon-button-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-icon-button-focus-state-layer-opacity:.12;--mat-icon-button-hover-state-layer-opacity:.04;--mat-icon-button-icon-color:inherit;--mat-icon-button-pressed-state-layer-opacity:.12;--mat-icon-button-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-icon-button-state-layer-color:white;--mat-fab-container-color:#424242;--mat-fab-disabled-state-container-color:color-mix(in srgb, white 12%, transparent);--mat-fab-disabled-state-foreground-color:color-mix(in srgb, white 38%, transparent);--mat-fab-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-fab-focus-state-layer-opacity:.12;--mat-fab-foreground-color:white;--mat-fab-hover-state-layer-opacity:.04;--mat-fab-pressed-state-layer-opacity:.12;--mat-fab-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-fab-small-container-color:#424242;--mat-fab-small-disabled-state-container-color:color-mix(in srgb, white 12%, transparent);--mat-fab-small-disabled-state-foreground-color:color-mix(in srgb, white 38%, transparent);--mat-fab-small-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-fab-small-focus-state-layer-opacity:.12;--mat-fab-small-foreground-color:white;--mat-fab-small-hover-state-layer-opacity:.04;--mat-fab-small-pressed-state-layer-opacity:.12;--mat-fab-small-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-fab-small-state-layer-color:white;--mat-fab-state-layer-color:white;--mat-snack-bar-container-color:white;--mat-snack-bar-supporting-text-color:rgba(0, 0, 0, .87);--mat-snack-bar-button-color:#546e7a;--mat-table-background-color:#424242;--mat-table-header-headline-color:white;--mat-table-row-item-label-text-color:white;--mat-table-row-item-outline-color:rgba(255, 255, 255, .12);--mat-progress-spinner-active-indicator-color:#546e7a;--mat-badge-background-color:#546e7a;--mat-badge-text-color:white;--mat-badge-disabled-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-badge-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-bottom-sheet-container-text-color:white;--mat-bottom-sheet-container-background-color:#424242;--mat-button-toggle-background-color:#424242;--mat-button-toggle-disabled-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-disabled-selected-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-toggle-disabled-state-background-color:#424242;--mat-button-toggle-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-toggle-divider-color:rgba(255, 255, 255, .12);--mat-button-toggle-legacy-disabled-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-legacy-disabled-state-background-color:#424242;--mat-button-toggle-legacy-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-toggle-legacy-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-legacy-selected-state-text-color:white;--mat-button-toggle-legacy-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-legacy-text-color:white;--mat-button-toggle-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-selected-state-text-color:white;--mat-button-toggle-state-layer-color:white;--mat-button-toggle-text-color:white;--mat-datepicker-calendar-date-in-range-state-background-color:color-mix(in srgb, #546e7a 20%, transparent);--mat-datepicker-calendar-date-in-comparison-range-state-background-color:color-mix(in srgb, #689f38 20%, transparent);--mat-datepicker-calendar-date-in-overlap-range-state-background-color:#a8dab5;--mat-datepicker-calendar-date-in-overlap-range-selected-state-background-color:rgb(69.5241935484, 163.4758064516, 93.9516129032);--mat-datepicker-calendar-date-selected-state-text-color:white;--mat-datepicker-calendar-date-selected-state-background-color:#546e7a;--mat-datepicker-calendar-date-selected-disabled-state-background-color:color-mix(in srgb, #546e7a 38%, transparent);--mat-datepicker-calendar-date-today-selected-state-outline-color:white;--mat-datepicker-calendar-date-focus-state-background-color:color-mix(in srgb, #546e7a 12%, transparent);--mat-datepicker-calendar-date-hover-state-background-color:color-mix(in srgb, #546e7a 4%, transparent);--mat-datepicker-toggle-active-state-icon-color:#546e7a;--mat-datepicker-toggle-icon-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-body-label-text-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-period-button-text-color:white;--mat-datepicker-calendar-period-button-icon-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-navigation-button-icon-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-header-divider-color:rgba(255, 255, 255, .12);--mat-datepicker-calendar-header-text-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-date-today-outline-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-date-today-disabled-state-outline-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-calendar-date-text-color:white;--mat-datepicker-calendar-date-outline-color:transparent;--mat-datepicker-calendar-date-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-calendar-date-preview-state-outline-color:rgba(255, 255, 255, .7);--mat-datepicker-range-input-separator-color:white;--mat-datepicker-range-input-disabled-state-separator-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-range-input-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-calendar-container-background-color:#424242;--mat-datepicker-calendar-container-text-color:white;--mat-divider-color:rgba(255, 255, 255, .12);--mat-expansion-container-background-color:#424242;--mat-expansion-container-text-color:white;--mat-expansion-actions-divider-color:rgba(255, 255, 255, .12);--mat-expansion-header-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-expansion-header-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-expansion-header-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-expansion-header-text-color:white;--mat-expansion-header-description-color:rgba(255, 255, 255, .7);--mat-expansion-header-indicator-color:rgba(255, 255, 255, .7);--mat-icon-color:inherit;--mat-sidenav-container-divider-color:rgba(255, 255, 255, .12);--mat-sidenav-container-background-color:#424242;--mat-sidenav-container-text-color:white;--mat-sidenav-content-background-color:#303030;--mat-sidenav-content-text-color:white;--mat-sidenav-scrim-color:rgba(255, 255, 255, .6);--mat-stepper-header-icon-foreground-color:white;--mat-stepper-header-selected-state-icon-background-color:#546e7a;--mat-stepper-header-selected-state-icon-foreground-color:white;--mat-stepper-header-done-state-icon-background-color:#546e7a;--mat-stepper-header-done-state-icon-foreground-color:white;--mat-stepper-header-edit-state-icon-background-color:#546e7a;--mat-stepper-header-edit-state-icon-foreground-color:white;--mat-stepper-container-color:#424242;--mat-stepper-line-color:rgba(255, 255, 255, .12);--mat-stepper-header-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-stepper-header-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-stepper-header-label-text-color:rgba(255, 255, 255, .7);--mat-stepper-header-optional-label-text-color:rgba(255, 255, 255, .7);--mat-stepper-header-selected-state-label-text-color:white;--mat-stepper-header-error-state-label-text-color:#ff5722;--mat-stepper-header-icon-background-color:rgba(255, 255, 255, .7);--mat-stepper-header-error-state-icon-foreground-color:#ff5722;--mat-stepper-header-error-state-icon-background-color:transparent;--mat-sort-arrow-color:white;--mat-toolbar-container-background-color:#424242;--mat-toolbar-container-text-color:white;--mat-tree-container-background-color:#424242;--mat-tree-node-text-color:white;--mat-timepicker-container-background-color:#424242}.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:rgb(96.4776699029, 126.3398058252, 140.1223300971);--theme-primary-light:rgb(105.1650485437, 137.0970873786, 151.8349514563);--theme-primary-darker:rgb(71.5223300971, 93.6601941748, 103.8776699029);--theme-primary-dark:rgb(63.2038834951, 82.7669902913, 91.7961165049);--theme-primary-fade-10:#546e7a;--theme-primary-fade-20:#546e7a;--theme-primary-fade-30:#546e7a;--theme-primary-fade-40:#546e7a;--theme-primary-fade-50:#546e7a;--theme-accent:#689f38;--theme-accent-lighter:rgb(118.8018604651, 181.6297674419, 63.9702325581);--theme-accent-light:rgb(129.0279069767, 191.4465116279, 74.5534883721);--theme-accent-darker:rgb(89.1981395349, 136.3702325581, 48.0297674419);--theme-accent-dark:rgb(79.3302325581, 121.2837209302, 42.7162790698);--theme-accent-fade-10:#689f38;--theme-accent-fade-20:#689f38;--theme-accent-fade-30:#689f38;--theme-accent-fade-40:#689f38;--theme-accent-fade-50:#689f38;--theme-warn:#ff5722;--theme-warn-lighter:rgb(255, 110.2615384615, 64.6);--theme-warn-light:rgb(255, 125.7692307692, 85);--theme-warn-darker:rgb(255, 63.7384615385, 3.4);--theme-warn-dark:rgb(238, 57.0769230769, 0);--theme-warn-fade-10:#ff5722;--theme-warn-fade-20:#ff5722;--theme-warn-fade-30:#ff5722;--theme-warn-fade-40:#ff5722;--theme-warn-fade-50:#ff5722;--theme-text:white;--theme-text-lighter:hsl(0, 0%, 106%);--theme-text-light:hsl(0, 0%, 110%);--theme-text-darker:rgb(229.5, 229.5, 229.5);--theme-text-dark:rgb(191.25, 191.25, 191.25);--theme-text-fade-10:white;--theme-text-fade-20:white;--theme-text-fade-30:white;--theme-text-fade-40:white;--theme-text-fade-50:white;--theme-text-invert-15:rgb(216.75, 216.75, 216.75);--theme-text-invert-30:rgb(178.5, 178.5, 178.5);--theme-background:#424242;--theme-background-lighter:rgb(81.3, 81.3, 81.3);--theme-background-light:rgb(91.5, 91.5, 91.5);--theme-background-darker:rgb(50.7, 50.7, 50.7);--theme-background-dark:rgb(40.5, 40.5, 40.5);--theme-background-darkest:rgb(30.3, 30.3, 30.3);--mdc-filled-text-field-container-color:#0000;--mdc-filled-text-field-disabled-container-color:#0000}@media screen and (-webkit-min-device-pixel-ratio:0){}\u003c/style\u003e\u003clink rel=\"stylesheet\" href=\"styles.css\" media=\"print\" onload=\"this.media='all'\"\u003e\u003cnoscript\u003e\u003clink rel=\"stylesheet\" href=\"styles.css\"\u003e\u003c/noscript\u003e\u003c/head\u003e\n\u003cbody class=\"mat-app-background mat-typography bluegrey-lightgreen-theme\"\u003e\n \u003capp-root\u003e\u003c/app-root\u003e\n\u003cscript src=\"runtime.js\" type=\"module\"\u003e\u003c/script\u003e\u003cscript src=\"polyfills.js\" type=\"module\"\u003e\u003c/script\u003e\u003cscript src=\"vendor.js\" type=\"module\"\u003e\u003c/script\u003e\u003cscript src=\"main.js\" type=\"module\"\u003e\u003c/script\u003e\u003c/body\u003e\n\u003c/html\u003e\n","ip":"192.168.65.254","timestamp":"2025-10-10T15:52:16.833863378Z","curl-command":"curl -X 'GET' -d '' -H 'Host: host.docker.internal:3000' -H 'User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36' 'http://host.docker.internal:3000'","matcher-status":true} +{"template":"http/miscellaneous/external-service-interaction.yaml","template-url":"https://cloud.projectdiscovery.io/public/external-service-interaction","template-id":"external-service-interaction","template-path":"/root/nuclei-templates/http/miscellaneous/external-service-interaction.yaml","info":{"name":"External Service Interaction","author":["andreluna"],"tags":["miscellaneous","http","misc","oast"],"description":"External Service interaction via Host Header Injection.","reference":["https://portswigger.net/kb/issues/00300210_external-service-interaction-http","https://success.qualys.com/support/s/article/000006843","https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection"],"severity":"info","metadata":{"max-request":1},"classification":{"cve-id":null,"cwe-id":["cwe-918","cwe-406"]}},"type":"http","host":"host.docker.internal:3000","port":"3000","scheme":"http","url":"http://host.docker.internal:3000","matched-at":"http://host.docker.internal:3000","request":"GET / HTTP/1.1\r\nHost: d3kin1q08hes73f859bgqcpfuf1qxf49u.oast.site\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.1\r\nConnection: close\r\nAccept-Encoding: gzip\r\n\r\n","response":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: public, max-age=0\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Fri, 10 Oct 2025 15:52:12 GMT\r\nEtag: W/\"124fa-199ceb49c18\"\r\nFeature-Policy: payment 'self'\r\nLast-Modified: Fri, 10 Oct 2025 15:19:27 GMT\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Recruiting: /#/jobs\r\n\r\n\u003c!--\n ~ Copyright (c) 2014-2025 Bjoern Kimminich \u0026 the OWASP Juice Shop contributors.\n ~ SPDX-License-Identifier: MIT\n --\u003e\n\n\u003c!doctype html\u003e\n\u003chtml lang=\"en\" data-beasties-container\u003e\n\u003chead\u003e\n \u003cmeta charset=\"utf-8\"\u003e\n \u003ctitle\u003eOWASP Juice Shop\u003c/title\u003e\n \u003cmeta name=\"description\" content=\"Probably the most modern and sophisticated insecure web application\"\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\"\u003e\n \u003clink id=\"favicon\" rel=\"icon\" type=\"image/x-icon\" href=\"assets/public/favicon_js.ico\"\u003e\n \u003clink rel=\"stylesheet\" type=\"text/css\" href=\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css\"\u003e\n \u003cscript src=\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js\"\u003e\u003c/script\u003e\n \u003cscript src=\"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js\"\u003e\u003c/script\u003e\n \u003cscript\u003e\n window.addEventListener(\"load\", function(){\n window.cookieconsent.initialise({\n \"palette\": {\n \"popup\": { \"background\": \"var(--theme-primary)\", \"text\": \"var(--theme-text)\" },\n \"button\": { \"background\": \"var(--theme-accent)\", \"text\": \"var(--theme-text)\" }\n },\n \"theme\": \"classic\",\n \"position\": \"bottom-right\",\n \"content\": { \"message\": \"This website uses fruit cookies to ensure you get the juiciest tracking experience.\", \"dismiss\": \"Me want it!\", \"link\": \"But me wait!\", \"href\": \"https://www.youtube.com/watch?v=9PnbKL3wuH4\" }\n })});\n \u003c/script\u003e\n\u003cstyle\u003ehtml{--mat-sys-on-surface:initial}.mat-app-background{background-color:var(--mat-app-background-color, var(--mat-sys-background, transparent));color:var(--mat-app-text-color, var(--mat-sys-on-background, inherit))}.mat-typography{font:400 14px/20px Roboto,sans-serif;letter-spacing:.0178571429em}html{--mat-tooltip-supporting-text-font:Roboto, sans-serif;--mat-tooltip-supporting-text-size:12px;--mat-tooltip-supporting-text-weight:400;--mat-tooltip-supporting-text-tracking:.0333333333em}html{--mat-app-background-color:#fafafa;--mat-app-text-color:rgba(0, 0, 0, .87);--mat-app-elevation-shadow-level-0:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-1:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-2:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-3:0px 3px 3px -2px rgba(0, 0, 0, .2), 0px 3px 4px 0px rgba(0, 0, 0, .14), 0px 1px 8px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-4:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-5:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 5px 8px 0px rgba(0, 0, 0, .14), 0px 1px 14px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-6:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-7:0px 4px 5px -2px rgba(0, 0, 0, .2), 0px 7px 10px 1px rgba(0, 0, 0, .14), 0px 2px 16px 1px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-8:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-9:0px 5px 6px -3px rgba(0, 0, 0, .2), 0px 9px 12px 1px rgba(0, 0, 0, .14), 0px 3px 16px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-10:0px 6px 6px -3px rgba(0, 0, 0, .2), 0px 10px 14px 1px rgba(0, 0, 0, .14), 0px 4px 18px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-11:0px 6px 7px -4px rgba(0, 0, 0, .2), 0px 11px 15px 1px rgba(0, 0, 0, .14), 0px 4px 20px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-12:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-13:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 13px 19px 2px rgba(0, 0, 0, .14), 0px 5px 24px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-14:0px 7px 9px -4px rgba(0, 0, 0, .2), 0px 14px 21px 2px rgba(0, 0, 0, .14), 0px 5px 26px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-15:0px 8px 9px -5px rgba(0, 0, 0, .2), 0px 15px 22px 2px rgba(0, 0, 0, .14), 0px 6px 28px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-16:0px 8px 10px -5px rgba(0, 0, 0, .2), 0px 16px 24px 2px rgba(0, 0, 0, .14), 0px 6px 30px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-17:0px 8px 11px -5px rgba(0, 0, 0, .2), 0px 17px 26px 2px rgba(0, 0, 0, .14), 0px 6px 32px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-18:0px 9px 11px -5px rgba(0, 0, 0, .2), 0px 18px 28px 2px rgba(0, 0, 0, .14), 0px 7px 34px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-19:0px 9px 12px -6px rgba(0, 0, 0, .2), 0px 19px 29px 2px rgba(0, 0, 0, .14), 0px 7px 36px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-20:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 20px 31px 3px rgba(0, 0, 0, .14), 0px 8px 38px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-21:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 21px 33px 3px rgba(0, 0, 0, .14), 0px 8px 40px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-22:0px 10px 14px -6px rgba(0, 0, 0, .2), 0px 22px 35px 3px rgba(0, 0, 0, .14), 0px 8px 42px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-23:0px 11px 14px -7px rgba(0, 0, 0, .2), 0px 23px 36px 3px rgba(0, 0, 0, .14), 0px 9px 44px 8px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-24:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12)}html{--mat-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent)}html{--mat-option-selected-state-label-text-color:#673ab7;--mat-option-label-text-color:rgba(0, 0, 0, .87);--mat-option-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-option-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-option-selected-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent)}html{--mat-optgroup-label-text-color:rgba(0, 0, 0, .87)}html{--mat-pseudo-checkbox-full-selected-icon-color:#ffa000;--mat-pseudo-checkbox-full-selected-checkmark-color:#fafafa;--mat-pseudo-checkbox-full-unselected-icon-color:rgba(0, 0, 0, .54);--mat-pseudo-checkbox-full-disabled-selected-checkmark-color:#fafafa;--mat-pseudo-checkbox-full-disabled-unselected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-pseudo-checkbox-full-disabled-selected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-pseudo-checkbox-minimal-selected-checkmark-color:#ffa000;--mat-pseudo-checkbox-minimal-disabled-selected-checkmark-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent)}html{--mat-card-elevated-container-shape:4px;--mat-card-outlined-container-shape:4px;--mat-card-filled-container-shape:4px;--mat-card-outlined-outline-width:1px}html{--mat-card-elevated-container-color:white;--mat-card-elevated-container-elevation:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-card-outlined-container-color:white;--mat-card-outlined-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-card-outlined-outline-color:rgba(0, 0, 0, .12);--mat-card-subtitle-text-color:rgba(0, 0, 0, .54);--mat-card-filled-container-color:white;--mat-card-filled-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12)}html{--mat-progress-bar-active-indicator-height:4px;--mat-progress-bar-track-height:4px;--mat-progress-bar-track-shape:0}html{--mat-tooltip-container-shape:4px;--mat-tooltip-supporting-text-line-height:16px}html{--mat-tooltip-container-color:#424242;--mat-tooltip-supporting-text-color:white}html{--mat-form-field-filled-active-indicator-height:1px;--mat-form-field-filled-focus-active-indicator-height:2px;--mat-form-field-filled-container-shape:4px;--mat-form-field-outlined-outline-width:1px;--mat-form-field-outlined-focus-outline-width:2px;--mat-form-field-outlined-container-shape:4px}html{--mat-form-field-focus-select-arrow-color:color-mix(in srgb, #673ab7 87%, transparent);--mat-form-field-filled-caret-color:#673ab7;--mat-form-field-filled-focus-active-indicator-color:#673ab7;--mat-form-field-filled-focus-label-text-color:color-mix(in srgb, #673ab7 87%, transparent);--mat-form-field-outlined-caret-color:#673ab7;--mat-form-field-outlined-focus-outline-color:#673ab7;--mat-form-field-outlined-focus-label-text-color:color-mix(in srgb, #673ab7 87%, transparent);--mat-form-field-disabled-input-text-placeholder-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-state-layer-color:rgba(0, 0, 0, .87);--mat-form-field-error-text-color:#f44336;--mat-form-field-select-option-text-color:inherit;--mat-form-field-select-disabled-option-text-color:GrayText;--mat-form-field-leading-icon-color:unset;--mat-form-field-disabled-leading-icon-color:unset;--mat-form-field-trailing-icon-color:unset;--mat-form-field-disabled-trailing-icon-color:unset;--mat-form-field-error-focus-trailing-icon-color:unset;--mat-form-field-error-hover-trailing-icon-color:unset;--mat-form-field-error-trailing-icon-color:unset;--mat-form-field-enabled-select-arrow-color:rgba(0, 0, 0, .54);--mat-form-field-disabled-select-arrow-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-hover-state-layer-opacity:.04;--mat-form-field-focus-state-layer-opacity:.12;--mat-form-field-filled-container-color:#f6f6f6;--mat-form-field-filled-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-form-field-filled-label-text-color:rgba(0, 0, 0, .54);--mat-form-field-filled-hover-label-text-color:rgba(0, 0, 0, .54);--mat-form-field-filled-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-filled-input-text-color:rgba(0, 0, 0, .87);--mat-form-field-filled-disabled-input-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-filled-input-text-placeholder-color:rgba(0, 0, 0, .54);--mat-form-field-filled-error-hover-label-text-color:#f44336;--mat-form-field-filled-error-focus-label-text-color:#f44336;--mat-form-field-filled-error-label-text-color:#f44336;--mat-form-field-filled-error-caret-color:#f44336;--mat-form-field-filled-active-indicator-color:rgba(0, 0, 0, .54);--mat-form-field-filled-disabled-active-indicator-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-form-field-filled-hover-active-indicator-color:rgba(0, 0, 0, .87);--mat-form-field-filled-error-active-indicator-color:#f44336;--mat-form-field-filled-error-focus-active-indicator-color:#f44336;--mat-form-field-filled-error-hover-active-indicator-color:#f44336;--mat-form-field-outlined-label-text-color:rgba(0, 0, 0, .54);--mat-form-field-outlined-hover-label-text-color:rgba(0, 0, 0, .87);--mat-form-field-outlined-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-outlined-input-text-color:rgba(0, 0, 0, .87);--mat-form-field-outlined-disabled-input-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-form-field-outlined-input-text-placeholder-color:rgba(0, 0, 0, .54);--mat-form-field-outlined-error-caret-color:#f44336;--mat-form-field-outlined-error-focus-label-text-color:#f44336;--mat-form-field-outlined-error-label-text-color:#f44336;--mat-form-field-outlined-error-hover-label-text-color:#f44336;--mat-form-field-outlined-outline-color:rgba(0, 0, 0, .38);--mat-form-field-outlined-disabled-outline-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-form-field-outlined-hover-outline-color:rgba(0, 0, 0, .87);--mat-form-field-outlined-error-focus-outline-color:#f44336;--mat-form-field-outlined-error-hover-outline-color:#f44336;--mat-form-field-outlined-error-outline-color:#f44336}html{--mat-form-field-container-height:56px;--mat-form-field-filled-label-display:block;--mat-form-field-container-vertical-padding:16px;--mat-form-field-filled-with-label-container-padding-top:24px;--mat-form-field-filled-with-label-container-padding-bottom:8px}html{--mat-select-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-select-panel-background-color:white;--mat-select-enabled-trigger-text-color:rgba(0, 0, 0, .87);--mat-select-disabled-trigger-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-select-placeholder-text-color:rgba(0, 0, 0, .54);--mat-select-enabled-arrow-color:rgba(0, 0, 0, .54);--mat-select-disabled-arrow-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-select-focused-arrow-color:#673ab7;--mat-select-invalid-arrow-color:#f44336}html{--mat-select-arrow-transform:translateY(-8px)}html{--mat-autocomplete-container-shape:4px;--mat-autocomplete-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-autocomplete-background-color:white}html{--mat-dialog-container-shape:4px;--mat-dialog-container-elevation-shadow:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12);--mat-dialog-container-max-width:80vw;--mat-dialog-container-small-max-width:80vw;--mat-dialog-container-min-width:0;--mat-dialog-actions-alignment:start;--mat-dialog-actions-padding:8px;--mat-dialog-content-padding:20px 24px;--mat-dialog-with-actions-content-padding:20px 24px;--mat-dialog-headline-padding:0 24px 9px}html{--mat-dialog-container-color:white;--mat-dialog-subhead-color:rgba(0, 0, 0, .87);--mat-dialog-supporting-text-color:rgba(0, 0, 0, .54)}html{--mat-slide-toggle-disabled-handle-opacity:.38;--mat-slide-toggle-disabled-selected-handle-opacity:.38;--mat-slide-toggle-disabled-selected-icon-opacity:.38;--mat-slide-toggle-disabled-track-opacity:.12;--mat-slide-toggle-disabled-unselected-handle-opacity:.38;--mat-slide-toggle-disabled-unselected-icon-opacity:.38;--mat-slide-toggle-disabled-unselected-track-outline-color:transparent;--mat-slide-toggle-disabled-unselected-track-outline-width:1px;--mat-slide-toggle-handle-height:20px;--mat-slide-toggle-handle-shape:10px;--mat-slide-toggle-handle-width:20px;--mat-slide-toggle-hidden-track-opacity:1;--mat-slide-toggle-hidden-track-transition:transform 75ms 0ms cubic-bezier(.4, 0, .6, 1);--mat-slide-toggle-pressed-handle-size:20px;--mat-slide-toggle-selected-focus-state-layer-opacity:.12;--mat-slide-toggle-selected-handle-horizontal-margin:0;--mat-slide-toggle-selected-handle-size:20px;--mat-slide-toggle-selected-hover-state-layer-opacity:.04;--mat-slide-toggle-selected-icon-size:18px;--mat-slide-toggle-selected-pressed-handle-horizontal-margin:0;--mat-slide-toggle-selected-pressed-state-layer-opacity:.12;--mat-slide-toggle-selected-track-outline-color:transparent;--mat-slide-toggle-selected-track-outline-width:1px;--mat-slide-toggle-selected-with-icon-handle-horizontal-margin:0;--mat-slide-toggle-track-height:14px;--mat-slide-toggle-track-outline-color:transparent;--mat-slide-toggle-track-outline-width:1px;--mat-slide-toggle-track-shape:7px;--mat-slide-toggle-track-width:36px;--mat-slide-toggle-unselected-focus-state-layer-opacity:.12;--mat-slide-toggle-unselected-handle-horizontal-margin:0;--mat-slide-toggle-unselected-handle-size:20px;--mat-slide-toggle-unselected-hover-state-layer-opacity:.12;--mat-slide-toggle-unselected-icon-size:18px;--mat-slide-toggle-unselected-pressed-handle-horizontal-margin:0;--mat-slide-toggle-unselected-pressed-state-layer-opacity:.1;--mat-slide-toggle-unselected-with-icon-handle-horizontal-margin:0;--mat-slide-toggle-visible-track-opacity:1;--mat-slide-toggle-visible-track-transition:transform 75ms 0ms cubic-bezier(0, 0, .2, 1);--mat-slide-toggle-with-icon-handle-size:20px;--mat-slide-toggle-touch-target-size:48px}html{--mat-slide-toggle-selected-icon-color:white;--mat-slide-toggle-disabled-selected-icon-color:white;--mat-slide-toggle-selected-focus-state-layer-color:#673ab7;--mat-slide-toggle-selected-handle-color:#673ab7;--mat-slide-toggle-selected-hover-state-layer-color:#673ab7;--mat-slide-toggle-selected-pressed-state-layer-color:#673ab7;--mat-slide-toggle-selected-focus-handle-color:#673ab7;--mat-slide-toggle-selected-hover-handle-color:#673ab7;--mat-slide-toggle-selected-pressed-handle-color:#673ab7;--mat-slide-toggle-selected-focus-track-color:#9575cd;--mat-slide-toggle-selected-hover-track-color:#9575cd;--mat-slide-toggle-selected-pressed-track-color:#9575cd;--mat-slide-toggle-selected-track-color:#9575cd;--mat-slide-toggle-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-slide-toggle-disabled-handle-elevation-shadow:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-disabled-selected-handle-color:rgba(0, 0, 0, .87);--mat-slide-toggle-disabled-selected-track-color:rgba(0, 0, 0, .87);--mat-slide-toggle-disabled-unselected-handle-color:rgba(0, 0, 0, .87);--mat-slide-toggle-disabled-unselected-icon-color:#f6f6f6;--mat-slide-toggle-disabled-unselected-track-color:rgba(0, 0, 0, .87);--mat-slide-toggle-handle-elevation-shadow:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-handle-surface-color:white;--mat-slide-toggle-label-text-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-hover-handle-color:#424242;--mat-slide-toggle-unselected-focus-handle-color:#424242;--mat-slide-toggle-unselected-focus-state-layer-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-focus-track-color:rgba(0, 0, 0, .12);--mat-slide-toggle-unselected-icon-color:#f6f6f6;--mat-slide-toggle-unselected-handle-color:rgba(0, 0, 0, .54);--mat-slide-toggle-unselected-hover-state-layer-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-hover-track-color:rgba(0, 0, 0, .12);--mat-slide-toggle-unselected-pressed-handle-color:#424242;--mat-slide-toggle-unselected-pressed-track-color:rgba(0, 0, 0, .12);--mat-slide-toggle-unselected-pressed-state-layer-color:rgba(0, 0, 0, .87);--mat-slide-toggle-unselected-track-color:rgba(0, 0, 0, .12)}html{--mat-slide-toggle-state-layer-size:40px;--mat-slide-toggle-touch-target-display:block}html{--mat-radio-disabled-selected-icon-opacity:.38;--mat-radio-disabled-unselected-icon-opacity:.38;--mat-radio-state-layer-size:40px;--mat-radio-touch-target-size:48px}html{--mat-radio-state-layer-size:40px;--mat-radio-touch-target-display:block}html{--mat-slider-active-track-height:6px;--mat-slider-active-track-shape:9999px;--mat-slider-handle-elevation:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-slider-handle-height:20px;--mat-slider-handle-shape:50%;--mat-slider-handle-width:20px;--mat-slider-inactive-track-height:4px;--mat-slider-inactive-track-shape:9999px;--mat-slider-value-indicator-border-radius:4px;--mat-slider-value-indicator-caret-display:block;--mat-slider-value-indicator-container-transform:translateX(-50%);--mat-slider-value-indicator-height:32px;--mat-slider-value-indicator-padding:0 12px;--mat-slider-value-indicator-text-transform:none;--mat-slider-value-indicator-width:auto;--mat-slider-with-overlap-handle-outline-width:1px;--mat-slider-with-tick-marks-active-container-opacity:.6;--mat-slider-with-tick-marks-container-shape:50%;--mat-slider-with-tick-marks-container-size:2px;--mat-slider-with-tick-marks-inactive-container-opacity:.6}html{--mat-slider-active-track-color:#673ab7;--mat-slider-focus-handle-color:#673ab7;--mat-slider-handle-color:#673ab7;--mat-slider-hover-handle-color:#673ab7;--mat-slider-focus-state-layer-color:color-mix(in srgb, #673ab7 12%, transparent);--mat-slider-hover-state-layer-color:color-mix(in srgb, #673ab7 4%, transparent);--mat-slider-inactive-track-color:#673ab7;--mat-slider-ripple-color:#673ab7;--mat-slider-with-tick-marks-active-container-color:white;--mat-slider-with-tick-marks-inactive-container-color:#673ab7;--mat-slider-disabled-active-track-color:rgba(0, 0, 0, .87);--mat-slider-disabled-handle-color:rgba(0, 0, 0, .87);--mat-slider-disabled-inactive-track-color:rgba(0, 0, 0, .87);--mat-slider-label-container-color:#424242;--mat-slider-label-label-text-color:white;--mat-slider-value-indicator-opacity:1;--mat-slider-with-overlap-handle-outline-color:rgba(0, 0, 0, .87);--mat-slider-with-tick-marks-disabled-container-color:rgba(0, 0, 0, .87)}html{--mat-menu-container-shape:4px;--mat-menu-divider-bottom-spacing:0;--mat-menu-divider-top-spacing:0;--mat-menu-item-spacing:16px;--mat-menu-item-icon-size:24px;--mat-menu-item-leading-spacing:16px;--mat-menu-item-trailing-spacing:16px;--mat-menu-item-with-icon-leading-spacing:16px;--mat-menu-item-with-icon-trailing-spacing:16px;--mat-menu-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-menu-item-label-text-color:rgba(0, 0, 0, .87);--mat-menu-item-icon-color:rgba(0, 0, 0, .87);--mat-menu-item-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-menu-item-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-menu-container-color:white;--mat-menu-divider-color:rgba(0, 0, 0, .12)}html{--mat-list-active-indicator-color:transparent;--mat-list-active-indicator-shape:4px;--mat-list-list-item-container-shape:0;--mat-list-list-item-leading-avatar-shape:50%;--mat-list-list-item-container-color:transparent;--mat-list-list-item-selected-container-color:transparent;--mat-list-list-item-leading-avatar-color:transparent;--mat-list-list-item-leading-icon-size:24px;--mat-list-list-item-leading-avatar-size:40px;--mat-list-list-item-trailing-icon-size:24px;--mat-list-list-item-disabled-state-layer-color:transparent;--mat-list-list-item-disabled-state-layer-opacity:0;--mat-list-list-item-disabled-label-text-opacity:.38;--mat-list-list-item-disabled-leading-icon-opacity:.38;--mat-list-list-item-disabled-trailing-icon-opacity:.38}html{--mat-list-list-item-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-supporting-text-color:rgba(0, 0, 0, .54);--mat-list-list-item-leading-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-trailing-supporting-text-color:rgba(0, 0, 0, .54);--mat-list-list-item-trailing-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-selected-trailing-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-disabled-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-disabled-leading-icon-color:rgba(0, 0, 0, .87);--mat-list-list-item-disabled-trailing-icon-color:rgba(0, 0, 0, .87);--mat-list-list-item-hover-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-hover-leading-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-hover-state-layer-color:rgba(0, 0, 0, .87);--mat-list-list-item-hover-state-layer-opacity:.04;--mat-list-list-item-hover-trailing-icon-color:rgba(0, 0, 0, .54);--mat-list-list-item-focus-label-text-color:rgba(0, 0, 0, .87);--mat-list-list-item-focus-state-layer-color:rgba(0, 0, 0, .87);--mat-list-list-item-focus-state-layer-opacity:.12}html{--mat-list-list-item-leading-icon-start-space:16px;--mat-list-list-item-leading-icon-end-space:32px;--mat-list-list-item-one-line-container-height:48px;--mat-list-list-item-two-line-container-height:64px;--mat-list-list-item-three-line-container-height:88px}html{--mat-paginator-page-size-select-width:84px;--mat-paginator-page-size-select-touch-target-height:48px}html{--mat-paginator-container-text-color:rgba(0, 0, 0, .87);--mat-paginator-container-background-color:white;--mat-paginator-enabled-icon-color:rgba(0, 0, 0, .54);--mat-paginator-disabled-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent)}html{--mat-paginator-container-size:56px;--mat-paginator-form-field-container-height:40px;--mat-paginator-form-field-container-vertical-padding:8px;--mat-paginator-touch-target-display:block}html{--mat-tab-container-height:48px;--mat-tab-divider-color:transparent;--mat-tab-divider-height:0;--mat-tab-active-indicator-height:2px;--mat-tab-active-indicator-shape:0}html{--mat-checkbox-disabled-selected-checkmark-color:white;--mat-checkbox-selected-focus-state-layer-opacity:.12;--mat-checkbox-selected-hover-state-layer-opacity:.04;--mat-checkbox-selected-pressed-state-layer-opacity:.12;--mat-checkbox-unselected-focus-state-layer-opacity:.12;--mat-checkbox-unselected-hover-state-layer-opacity:.04;--mat-checkbox-unselected-pressed-state-layer-opacity:.12;--mat-checkbox-touch-target-size:48px}html{--mat-checkbox-disabled-label-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-checkbox-label-text-color:rgba(0, 0, 0, .87);--mat-checkbox-disabled-selected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-checkbox-disabled-unselected-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-checkbox-selected-checkmark-color:rgba(0, 0, 0, .87);--mat-checkbox-selected-focus-icon-color:#ffa000;--mat-checkbox-selected-hover-icon-color:#ffa000;--mat-checkbox-selected-icon-color:#ffa000;--mat-checkbox-selected-pressed-icon-color:#ffa000;--mat-checkbox-unselected-focus-icon-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-hover-icon-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-icon-color:rgba(0, 0, 0, .54);--mat-checkbox-selected-focus-state-layer-color:#ffa000;--mat-checkbox-selected-hover-state-layer-color:#ffa000;--mat-checkbox-selected-pressed-state-layer-color:#ffa000;--mat-checkbox-unselected-focus-state-layer-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-hover-state-layer-color:rgba(0, 0, 0, .87);--mat-checkbox-unselected-pressed-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-checkbox-touch-target-display:block;--mat-checkbox-state-layer-size:40px}html{--mat-button-filled-container-shape:4px;--mat-button-filled-horizontal-padding:16px;--mat-button-filled-icon-offset:-4px;--mat-button-filled-icon-spacing:8px;--mat-button-filled-touch-target-size:48px;--mat-button-outlined-container-shape:4px;--mat-button-outlined-horizontal-padding:15px;--mat-button-outlined-icon-offset:-4px;--mat-button-outlined-icon-spacing:8px;--mat-button-outlined-keep-touch-target:false;--mat-button-outlined-outline-width:1px;--mat-button-outlined-touch-target-size:48px;--mat-button-protected-container-elevation-shadow:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-button-protected-container-shape:4px;--mat-button-protected-disabled-container-elevation-shadow:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-button-protected-focus-container-elevation-shadow:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-button-protected-horizontal-padding:16px;--mat-button-protected-hover-container-elevation-shadow:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-button-protected-icon-offset:-4px;--mat-button-protected-icon-spacing:8px;--mat-button-protected-pressed-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-button-protected-touch-target-size:48px;--mat-button-text-container-shape:4px;--mat-button-text-horizontal-padding:8px;--mat-button-text-icon-offset:0;--mat-button-text-icon-spacing:8px;--mat-button-text-with-icon-horizontal-padding:8px;--mat-button-text-touch-target-size:48px;--mat-button-tonal-container-shape:4px;--mat-button-tonal-horizontal-padding:16px;--mat-button-tonal-icon-offset:-4px;--mat-button-tonal-icon-spacing:8px;--mat-button-tonal-touch-target-size:48px}html{--mat-button-filled-container-color:white;--mat-button-filled-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-filled-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-filled-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-filled-focus-state-layer-opacity:.12;--mat-button-filled-hover-state-layer-opacity:.04;--mat-button-filled-label-text-color:rgba(0, 0, 0, .87);--mat-button-filled-pressed-state-layer-opacity:.12;--mat-button-filled-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-filled-state-layer-color:rgba(0, 0, 0, .87);--mat-button-outlined-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-outlined-disabled-outline-color:rgba(0, 0, 0, .12);--mat-button-outlined-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-outlined-focus-state-layer-opacity:.12;--mat-button-outlined-hover-state-layer-opacity:.04;--mat-button-outlined-label-text-color:rgba(0, 0, 0, .87);--mat-button-outlined-outline-color:rgba(0, 0, 0, .12);--mat-button-outlined-pressed-state-layer-opacity:.12;--mat-button-outlined-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-outlined-state-layer-color:rgba(0, 0, 0, .87);--mat-button-protected-container-color:white;--mat-button-protected-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-protected-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-protected-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-protected-focus-state-layer-opacity:.12;--mat-button-protected-hover-state-layer-opacity:.04;--mat-button-protected-label-text-color:rgba(0, 0, 0, .87);--mat-button-protected-pressed-state-layer-opacity:.12;--mat-button-protected-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-protected-state-layer-color:rgba(0, 0, 0, .87);--mat-button-text-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-text-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-text-focus-state-layer-opacity:.12;--mat-button-text-hover-state-layer-opacity:.04;--mat-button-text-label-text-color:rgba(0, 0, 0, .87);--mat-button-text-pressed-state-layer-opacity:.12;--mat-button-text-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-text-state-layer-color:rgba(0, 0, 0, .87);--mat-button-tonal-container-color:white;--mat-button-tonal-disabled-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-tonal-disabled-label-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-tonal-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-button-tonal-focus-state-layer-opacity:.12;--mat-button-tonal-hover-state-layer-opacity:.04;--mat-button-tonal-label-text-color:rgba(0, 0, 0, .87);--mat-button-tonal-pressed-state-layer-opacity:.12;--mat-button-tonal-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-tonal-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-button-filled-container-height:36px;--mat-button-filled-touch-target-display:block;--mat-button-outlined-container-height:36px;--mat-button-outlined-touch-target-display:block;--mat-button-protected-container-height:36px;--mat-button-protected-touch-target-display:block;--mat-button-text-container-height:36px;--mat-button-text-touch-target-display:block;--mat-button-tonal-container-height:36px;--mat-button-tonal-touch-target-display:block}html{--mat-icon-button-icon-size:24px;--mat-icon-button-container-shape:50%;--mat-icon-button-touch-target-size:48px}html{--mat-icon-button-disabled-icon-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-icon-button-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-icon-button-focus-state-layer-opacity:.12;--mat-icon-button-hover-state-layer-opacity:.04;--mat-icon-button-icon-color:inherit;--mat-icon-button-pressed-state-layer-opacity:.12;--mat-icon-button-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-icon-button-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-icon-button-touch-target-display:block}html{--mat-fab-container-elevation-shadow:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-fab-container-shape:50%;--mat-fab-touch-target-size:48px;--mat-fab-extended-container-elevation-shadow:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-fab-extended-container-height:48px;--mat-fab-extended-container-shape:24px;--mat-fab-extended-focus-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-extended-hover-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-extended-pressed-container-elevation-shadow:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-fab-focus-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-hover-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-pressed-container-elevation-shadow:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-fab-small-container-elevation-shadow:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-fab-small-container-shape:50%;--mat-fab-small-touch-target-size:48px;--mat-fab-small-focus-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-small-hover-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-fab-small-pressed-container-elevation-shadow:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12)}html{--mat-fab-container-color:white;--mat-fab-disabled-state-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-disabled-state-foreground-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-fab-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-fab-focus-state-layer-opacity:.12;--mat-fab-foreground-color:rgba(0, 0, 0, .87);--mat-fab-hover-state-layer-opacity:.04;--mat-fab-pressed-state-layer-opacity:.12;--mat-fab-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-small-container-color:white;--mat-fab-small-disabled-state-container-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-small-disabled-state-foreground-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-fab-small-disabled-state-layer-color:rgba(0, 0, 0, .54);--mat-fab-small-focus-state-layer-opacity:.12;--mat-fab-small-foreground-color:rgba(0, 0, 0, .87);--mat-fab-small-hover-state-layer-opacity:.04;--mat-fab-small-pressed-state-layer-opacity:.12;--mat-fab-small-ripple-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-fab-small-state-layer-color:rgba(0, 0, 0, .87);--mat-fab-state-layer-color:rgba(0, 0, 0, .87)}html{--mat-fab-small-touch-target-display:block;--mat-fab-touch-target-display:block}html{--mat-snack-bar-container-shape:4px}html{--mat-snack-bar-container-color:#424242;--mat-snack-bar-supporting-text-color:white;--mat-snack-bar-button-color:#9575cd}html{--mat-table-row-item-outline-width:1px}html{--mat-table-background-color:white;--mat-table-header-headline-color:rgba(0, 0, 0, .87);--mat-table-row-item-label-text-color:rgba(0, 0, 0, .87);--mat-table-row-item-outline-color:rgba(0, 0, 0, .12)}html{--mat-table-header-container-height:56px;--mat-table-footer-container-height:52px;--mat-table-row-item-container-height:52px}html{--mat-progress-spinner-active-indicator-width:4px;--mat-progress-spinner-size:48px}html{--mat-progress-spinner-active-indicator-color:#673ab7}html{--mat-badge-container-shape:50%;--mat-badge-container-size:unset;--mat-badge-small-size-container-size:unset;--mat-badge-large-size-container-size:unset;--mat-badge-legacy-container-size:22px;--mat-badge-legacy-small-size-container-size:16px;--mat-badge-legacy-large-size-container-size:28px;--mat-badge-container-offset:-11px 0;--mat-badge-small-size-container-offset:-8px 0;--mat-badge-large-size-container-offset:-14px 0;--mat-badge-container-overlap-offset:-11px;--mat-badge-small-size-container-overlap-offset:-8px;--mat-badge-large-size-container-overlap-offset:-14px;--mat-badge-container-padding:0;--mat-badge-small-size-container-padding:0;--mat-badge-large-size-container-padding:0}html{--mat-badge-background-color:#673ab7;--mat-badge-text-color:white;--mat-badge-disabled-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-badge-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent)}html{--mat-bottom-sheet-container-shape:4px}html{--mat-bottom-sheet-container-text-color:rgba(0, 0, 0, .87);--mat-bottom-sheet-container-background-color:white}html{--mat-button-toggle-focus-state-layer-opacity:.12;--mat-button-toggle-hover-state-layer-opacity:.04;--mat-button-toggle-legacy-focus-state-layer-opacity:1;--mat-button-toggle-legacy-height:36px;--mat-button-toggle-legacy-shape:2px;--mat-button-toggle-shape:4px}html{--mat-button-toggle-background-color:white;--mat-button-toggle-disabled-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-disabled-selected-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-toggle-disabled-state-background-color:white;--mat-button-toggle-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-toggle-divider-color:rgba(0, 0, 0, .12);--mat-button-toggle-legacy-disabled-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-legacy-disabled-state-background-color:white;--mat-button-toggle-legacy-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-button-toggle-legacy-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-legacy-selected-state-text-color:rgba(0, 0, 0, .87);--mat-button-toggle-legacy-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-legacy-text-color:rgba(0, 0, 0, .87);--mat-button-toggle-selected-state-background-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-button-toggle-selected-state-text-color:rgba(0, 0, 0, .87);--mat-button-toggle-state-layer-color:rgba(0, 0, 0, .87);--mat-button-toggle-text-color:rgba(0, 0, 0, .87)}html{--mat-button-toggle-height:48px}html{--mat-datepicker-calendar-container-shape:4px;--mat-datepicker-calendar-container-touch-shape:4px;--mat-datepicker-calendar-container-elevation-shadow:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-datepicker-calendar-container-touch-elevation-shadow:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12)}html{--mat-datepicker-calendar-date-in-range-state-background-color:color-mix(in srgb, #673ab7 20%, transparent);--mat-datepicker-calendar-date-in-comparison-range-state-background-color:color-mix(in srgb, #ffa000 20%, transparent);--mat-datepicker-calendar-date-in-overlap-range-state-background-color:#a8dab5;--mat-datepicker-calendar-date-in-overlap-range-selected-state-background-color:rgb(69.5241935484, 163.4758064516, 93.9516129032);--mat-datepicker-calendar-date-selected-state-text-color:white;--mat-datepicker-calendar-date-selected-state-background-color:#673ab7;--mat-datepicker-calendar-date-selected-disabled-state-background-color:color-mix(in srgb, #673ab7 38%, transparent);--mat-datepicker-calendar-date-today-selected-state-outline-color:white;--mat-datepicker-calendar-date-focus-state-background-color:color-mix(in srgb, #673ab7 12%, transparent);--mat-datepicker-calendar-date-hover-state-background-color:color-mix(in srgb, #673ab7 4%, transparent);--mat-datepicker-toggle-active-state-icon-color:#673ab7;--mat-datepicker-toggle-icon-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-body-label-text-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-period-button-text-color:rgba(0, 0, 0, .87);--mat-datepicker-calendar-period-button-icon-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-navigation-button-icon-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-header-divider-color:rgba(0, 0, 0, .12);--mat-datepicker-calendar-header-text-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-date-today-outline-color:rgba(0, 0, 0, .54);--mat-datepicker-calendar-date-today-disabled-state-outline-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-calendar-date-text-color:rgba(0, 0, 0, .87);--mat-datepicker-calendar-date-outline-color:transparent;--mat-datepicker-calendar-date-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-calendar-date-preview-state-outline-color:rgba(0, 0, 0, .54);--mat-datepicker-range-input-separator-color:rgba(0, 0, 0, .87);--mat-datepicker-range-input-disabled-state-separator-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-range-input-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-datepicker-calendar-container-background-color:white;--mat-datepicker-calendar-container-text-color:rgba(0, 0, 0, .87)}html{--mat-divider-width:1px}html{--mat-divider-color:rgba(0, 0, 0, .12)}html{--mat-expansion-container-shape:4px;--mat-expansion-container-elevation-shadow:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-expansion-legacy-header-indicator-display:inline-block;--mat-expansion-header-indicator-display:none}html{--mat-expansion-container-background-color:white;--mat-expansion-container-text-color:rgba(0, 0, 0, .87);--mat-expansion-actions-divider-color:rgba(0, 0, 0, .12);--mat-expansion-header-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-expansion-header-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-expansion-header-disabled-state-text-color:color-mix(in srgb, rgba(0, 0, 0, .87) 38%, transparent);--mat-expansion-header-text-color:rgba(0, 0, 0, .87);--mat-expansion-header-description-color:rgba(0, 0, 0, .54);--mat-expansion-header-indicator-color:rgba(0, 0, 0, .54)}html{--mat-expansion-header-collapsed-state-height:48px;--mat-expansion-header-expanded-state-height:64px}html{--mat-icon-color:inherit}html{--mat-sidenav-container-shape:0;--mat-sidenav-container-elevation-shadow:0px 8px 10px -5px rgba(0, 0, 0, .2), 0px 16px 24px 2px rgba(0, 0, 0, .14), 0px 6px 30px 5px rgba(0, 0, 0, .12);--mat-sidenav-container-width:auto}html{--mat-sidenav-container-divider-color:rgba(0, 0, 0, .12);--mat-sidenav-container-background-color:white;--mat-sidenav-container-text-color:rgba(0, 0, 0, .87);--mat-sidenav-content-background-color:#fafafa;--mat-sidenav-content-text-color:rgba(0, 0, 0, .87);--mat-sidenav-scrim-color:rgba(0, 0, 0, .6)}html{--mat-stepper-header-focus-state-layer-shape:0;--mat-stepper-header-hover-state-layer-shape:0}html{--mat-stepper-header-icon-foreground-color:white;--mat-stepper-header-selected-state-icon-background-color:#673ab7;--mat-stepper-header-selected-state-icon-foreground-color:white;--mat-stepper-header-done-state-icon-background-color:#673ab7;--mat-stepper-header-done-state-icon-foreground-color:white;--mat-stepper-header-edit-state-icon-background-color:#673ab7;--mat-stepper-header-edit-state-icon-foreground-color:white;--mat-stepper-container-color:white;--mat-stepper-line-color:rgba(0, 0, 0, .12);--mat-stepper-header-hover-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 4%, transparent);--mat-stepper-header-focus-state-layer-color:color-mix(in srgb, rgba(0, 0, 0, .87) 12%, transparent);--mat-stepper-header-label-text-color:rgba(0, 0, 0, .54);--mat-stepper-header-optional-label-text-color:rgba(0, 0, 0, .54);--mat-stepper-header-selected-state-label-text-color:rgba(0, 0, 0, .87);--mat-stepper-header-error-state-label-text-color:#f44336;--mat-stepper-header-icon-background-color:rgba(0, 0, 0, .54);--mat-stepper-header-error-state-icon-foreground-color:#f44336;--mat-stepper-header-error-state-icon-background-color:transparent}html{--mat-stepper-header-height:72px}html{--mat-sort-arrow-color:rgba(0, 0, 0, .87)}html{--mat-toolbar-container-background-color:white;--mat-toolbar-container-text-color:rgba(0, 0, 0, .87)}html{--mat-toolbar-standard-height:64px;--mat-toolbar-mobile-height:56px}html{--mat-tree-container-background-color:white;--mat-tree-node-text-color:rgba(0, 0, 0, .87)}html{--mat-tree-node-min-height:48px}html{--mat-timepicker-container-shape:4px;--mat-timepicker-container-elevation-shadow:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12)}html{--mat-timepicker-container-background-color:white}.bluegrey-lightgreen-theme{--mat-app-background-color:#303030;--mat-app-text-color:white;--mat-app-elevation-shadow-level-0:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-1:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-2:0px 3px 1px -2px rgba(0, 0, 0, .2), 0px 2px 2px 0px rgba(0, 0, 0, .14), 0px 1px 5px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-3:0px 3px 3px -2px rgba(0, 0, 0, .2), 0px 3px 4px 0px rgba(0, 0, 0, .14), 0px 1px 8px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-4:0px 2px 4px -1px rgba(0, 0, 0, .2), 0px 4px 5px 0px rgba(0, 0, 0, .14), 0px 1px 10px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-5:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 5px 8px 0px rgba(0, 0, 0, .14), 0px 1px 14px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-6:0px 3px 5px -1px rgba(0, 0, 0, .2), 0px 6px 10px 0px rgba(0, 0, 0, .14), 0px 1px 18px 0px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-7:0px 4px 5px -2px rgba(0, 0, 0, .2), 0px 7px 10px 1px rgba(0, 0, 0, .14), 0px 2px 16px 1px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-8:0px 5px 5px -3px rgba(0, 0, 0, .2), 0px 8px 10px 1px rgba(0, 0, 0, .14), 0px 3px 14px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-9:0px 5px 6px -3px rgba(0, 0, 0, .2), 0px 9px 12px 1px rgba(0, 0, 0, .14), 0px 3px 16px 2px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-10:0px 6px 6px -3px rgba(0, 0, 0, .2), 0px 10px 14px 1px rgba(0, 0, 0, .14), 0px 4px 18px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-11:0px 6px 7px -4px rgba(0, 0, 0, .2), 0px 11px 15px 1px rgba(0, 0, 0, .14), 0px 4px 20px 3px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-12:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 12px 17px 2px rgba(0, 0, 0, .14), 0px 5px 22px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-13:0px 7px 8px -4px rgba(0, 0, 0, .2), 0px 13px 19px 2px rgba(0, 0, 0, .14), 0px 5px 24px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-14:0px 7px 9px -4px rgba(0, 0, 0, .2), 0px 14px 21px 2px rgba(0, 0, 0, .14), 0px 5px 26px 4px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-15:0px 8px 9px -5px rgba(0, 0, 0, .2), 0px 15px 22px 2px rgba(0, 0, 0, .14), 0px 6px 28px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-16:0px 8px 10px -5px rgba(0, 0, 0, .2), 0px 16px 24px 2px rgba(0, 0, 0, .14), 0px 6px 30px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-17:0px 8px 11px -5px rgba(0, 0, 0, .2), 0px 17px 26px 2px rgba(0, 0, 0, .14), 0px 6px 32px 5px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-18:0px 9px 11px -5px rgba(0, 0, 0, .2), 0px 18px 28px 2px rgba(0, 0, 0, .14), 0px 7px 34px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-19:0px 9px 12px -6px rgba(0, 0, 0, .2), 0px 19px 29px 2px rgba(0, 0, 0, .14), 0px 7px 36px 6px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-20:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 20px 31px 3px rgba(0, 0, 0, .14), 0px 8px 38px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-21:0px 10px 13px -6px rgba(0, 0, 0, .2), 0px 21px 33px 3px rgba(0, 0, 0, .14), 0px 8px 40px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-22:0px 10px 14px -6px rgba(0, 0, 0, .2), 0px 22px 35px 3px rgba(0, 0, 0, .14), 0px 8px 42px 7px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-23:0px 11px 14px -7px rgba(0, 0, 0, .2), 0px 23px 36px 3px rgba(0, 0, 0, .14), 0px 9px 44px 8px rgba(0, 0, 0, .12);--mat-app-elevation-shadow-level-24:0px 11px 15px -7px rgba(0, 0, 0, .2), 0px 24px 38px 3px rgba(0, 0, 0, .14), 0px 9px 46px 8px rgba(0, 0, 0, .12);--mat-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-option-selected-state-label-text-color:#546e7a;--mat-option-label-text-color:white;--mat-option-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-option-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-option-selected-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-optgroup-label-text-color:white;--mat-pseudo-checkbox-full-selected-icon-color:#689f38;--mat-pseudo-checkbox-full-selected-checkmark-color:#303030;--mat-pseudo-checkbox-full-unselected-icon-color:rgba(255, 255, 255, .7);--mat-pseudo-checkbox-full-disabled-selected-checkmark-color:#303030;--mat-pseudo-checkbox-full-disabled-unselected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-pseudo-checkbox-full-disabled-selected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-pseudo-checkbox-minimal-selected-checkmark-color:#689f38;--mat-pseudo-checkbox-minimal-disabled-selected-checkmark-color:color-mix(in srgb, white 38%, transparent);--mat-card-elevated-container-color:#424242;--mat-card-elevated-container-elevation:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-card-outlined-container-color:#424242;--mat-card-outlined-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-card-outlined-outline-color:rgba(255, 255, 255, .12);--mat-card-subtitle-text-color:rgba(255, 255, 255, .7);--mat-card-filled-container-color:#424242;--mat-card-filled-container-elevation:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-tooltip-container-color:white;--mat-tooltip-supporting-text-color:rgba(0, 0, 0, .87);--mat-form-field-focus-select-arrow-color:color-mix(in srgb, #546e7a 87%, transparent);--mat-form-field-filled-caret-color:#546e7a;--mat-form-field-filled-focus-active-indicator-color:#546e7a;--mat-form-field-filled-focus-label-text-color:color-mix(in srgb, #546e7a 87%, transparent);--mat-form-field-outlined-caret-color:#546e7a;--mat-form-field-outlined-focus-outline-color:#546e7a;--mat-form-field-outlined-focus-label-text-color:color-mix(in srgb, #546e7a 87%, transparent);--mat-form-field-disabled-input-text-placeholder-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-state-layer-color:white;--mat-form-field-error-text-color:#ff5722;--mat-form-field-select-option-text-color:rgba(0, 0, 0, .87);--mat-form-field-select-disabled-option-text-color:rgba(0, 0, 0, .38);--mat-form-field-leading-icon-color:unset;--mat-form-field-disabled-leading-icon-color:unset;--mat-form-field-trailing-icon-color:unset;--mat-form-field-disabled-trailing-icon-color:unset;--mat-form-field-error-focus-trailing-icon-color:unset;--mat-form-field-error-hover-trailing-icon-color:unset;--mat-form-field-error-trailing-icon-color:unset;--mat-form-field-enabled-select-arrow-color:rgba(255, 255, 255, .7);--mat-form-field-disabled-select-arrow-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-hover-state-layer-opacity:.04;--mat-form-field-focus-state-layer-opacity:.12;--mat-form-field-filled-container-color:#4a4a4a;--mat-form-field-filled-disabled-container-color:color-mix(in srgb, white 4%, transparent);--mat-form-field-filled-label-text-color:rgba(255, 255, 255, .7);--mat-form-field-filled-hover-label-text-color:rgba(255, 255, 255, .7);--mat-form-field-filled-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-filled-input-text-color:white;--mat-form-field-filled-disabled-input-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-filled-input-text-placeholder-color:rgba(255, 255, 255, .7);--mat-form-field-filled-error-hover-label-text-color:#ff5722;--mat-form-field-filled-error-focus-label-text-color:#ff5722;--mat-form-field-filled-error-label-text-color:#ff5722;--mat-form-field-filled-error-caret-color:#ff5722;--mat-form-field-filled-active-indicator-color:rgba(255, 255, 255, .7);--mat-form-field-filled-disabled-active-indicator-color:color-mix(in srgb, white 12%, transparent);--mat-form-field-filled-hover-active-indicator-color:white;--mat-form-field-filled-error-active-indicator-color:#ff5722;--mat-form-field-filled-error-focus-active-indicator-color:#ff5722;--mat-form-field-filled-error-hover-active-indicator-color:#ff5722;--mat-form-field-outlined-label-text-color:rgba(255, 255, 255, .7);--mat-form-field-outlined-hover-label-text-color:white;--mat-form-field-outlined-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-outlined-input-text-color:white;--mat-form-field-outlined-disabled-input-text-color:color-mix(in srgb, white 38%, transparent);--mat-form-field-outlined-input-text-placeholder-color:rgba(255, 255, 255, .7);--mat-form-field-outlined-error-caret-color:#ff5722;--mat-form-field-outlined-error-focus-label-text-color:#ff5722;--mat-form-field-outlined-error-label-text-color:#ff5722;--mat-form-field-outlined-error-hover-label-text-color:#ff5722;--mat-form-field-outlined-outline-color:rgba(255, 255, 255, .38);--mat-form-field-outlined-disabled-outline-color:color-mix(in srgb, white 12%, transparent);--mat-form-field-outlined-hover-outline-color:white;--mat-form-field-outlined-error-focus-outline-color:#ff5722;--mat-form-field-outlined-error-hover-outline-color:#ff5722;--mat-form-field-outlined-error-outline-color:#ff5722;--mat-select-panel-background-color:#424242;--mat-select-enabled-trigger-text-color:white;--mat-select-disabled-trigger-text-color:color-mix(in srgb, white 38%, transparent);--mat-select-placeholder-text-color:rgba(255, 255, 255, .7);--mat-select-enabled-arrow-color:rgba(255, 255, 255, .7);--mat-select-disabled-arrow-color:color-mix(in srgb, white 38%, transparent);--mat-select-focused-arrow-color:#546e7a;--mat-select-invalid-arrow-color:#ff5722;--mat-autocomplete-background-color:#424242;--mat-dialog-container-color:#424242;--mat-dialog-subhead-color:white;--mat-dialog-supporting-text-color:rgba(255, 255, 255, .7);--mat-slide-toggle-selected-icon-color:white;--mat-slide-toggle-disabled-selected-icon-color:white;--mat-slide-toggle-selected-focus-state-layer-color:#546e7a;--mat-slide-toggle-selected-handle-color:#546e7a;--mat-slide-toggle-selected-hover-state-layer-color:#546e7a;--mat-slide-toggle-selected-pressed-state-layer-color:#546e7a;--mat-slide-toggle-selected-focus-handle-color:#546e7a;--mat-slide-toggle-selected-hover-handle-color:#546e7a;--mat-slide-toggle-selected-pressed-handle-color:#546e7a;--mat-slide-toggle-selected-focus-track-color:#546e7a;--mat-slide-toggle-selected-hover-track-color:#546e7a;--mat-slide-toggle-selected-pressed-track-color:#546e7a;--mat-slide-toggle-selected-track-color:#546e7a;--mat-slide-toggle-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-slide-toggle-disabled-handle-elevation-shadow:0px 0px 0px 0px rgba(0, 0, 0, .2), 0px 0px 0px 0px rgba(0, 0, 0, .14), 0px 0px 0px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-disabled-selected-handle-color:white;--mat-slide-toggle-disabled-selected-track-color:white;--mat-slide-toggle-disabled-unselected-handle-color:white;--mat-slide-toggle-disabled-unselected-icon-color:#4a4a4a;--mat-slide-toggle-disabled-unselected-track-color:white;--mat-slide-toggle-handle-elevation-shadow:0px 2px 1px -1px rgba(0, 0, 0, .2), 0px 1px 1px 0px rgba(0, 0, 0, .14), 0px 1px 3px 0px rgba(0, 0, 0, .12);--mat-slide-toggle-handle-surface-color:#424242;--mat-slide-toggle-label-text-color:white;--mat-slide-toggle-unselected-hover-handle-color:white;--mat-slide-toggle-unselected-focus-handle-color:white;--mat-slide-toggle-unselected-focus-state-layer-color:white;--mat-slide-toggle-unselected-focus-track-color:rgba(255, 255, 255, .12);--mat-slide-toggle-unselected-icon-color:#4a4a4a;--mat-slide-toggle-unselected-handle-color:rgba(255, 255, 255, .7);--mat-slide-toggle-unselected-hover-state-layer-color:white;--mat-slide-toggle-unselected-hover-track-color:rgba(255, 255, 255, .12);--mat-slide-toggle-unselected-pressed-handle-color:white;--mat-slide-toggle-unselected-pressed-track-color:rgba(255, 255, 255, .12);--mat-slide-toggle-unselected-pressed-state-layer-color:white;--mat-slide-toggle-unselected-track-color:rgba(255, 255, 255, .12);--mat-slider-active-track-color:#546e7a;--mat-slider-focus-handle-color:#546e7a;--mat-slider-handle-color:#546e7a;--mat-slider-hover-handle-color:#546e7a;--mat-slider-focus-state-layer-color:color-mix(in srgb, #546e7a 12%, transparent);--mat-slider-hover-state-layer-color:color-mix(in srgb, #546e7a 4%, transparent);--mat-slider-inactive-track-color:#546e7a;--mat-slider-ripple-color:#546e7a;--mat-slider-with-tick-marks-active-container-color:white;--mat-slider-with-tick-marks-inactive-container-color:#546e7a;--mat-slider-disabled-active-track-color:white;--mat-slider-disabled-handle-color:white;--mat-slider-disabled-inactive-track-color:white;--mat-slider-label-container-color:white;--mat-slider-label-label-text-color:rgba(0, 0, 0, .87);--mat-slider-value-indicator-opacity:1;--mat-slider-with-overlap-handle-outline-color:white;--mat-slider-with-tick-marks-disabled-container-color:white;--mat-menu-item-label-text-color:white;--mat-menu-item-icon-color:white;--mat-menu-item-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-menu-item-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-menu-container-color:#424242;--mat-menu-divider-color:rgba(255, 255, 255, .12);--mat-list-list-item-label-text-color:white;--mat-list-list-item-supporting-text-color:rgba(255, 255, 255, .7);--mat-list-list-item-leading-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-trailing-supporting-text-color:rgba(255, 255, 255, .7);--mat-list-list-item-trailing-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-selected-trailing-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-disabled-label-text-color:white;--mat-list-list-item-disabled-leading-icon-color:white;--mat-list-list-item-disabled-trailing-icon-color:white;--mat-list-list-item-hover-label-text-color:white;--mat-list-list-item-hover-leading-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-hover-state-layer-color:white;--mat-list-list-item-hover-state-layer-opacity:.04;--mat-list-list-item-hover-trailing-icon-color:rgba(255, 255, 255, .7);--mat-list-list-item-focus-label-text-color:white;--mat-list-list-item-focus-state-layer-color:white;--mat-list-list-item-focus-state-layer-opacity:.12;--mat-paginator-container-text-color:white;--mat-paginator-container-background-color:#424242;--mat-paginator-enabled-icon-color:rgba(255, 255, 255, .7);--mat-paginator-disabled-icon-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-disabled-label-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-label-text-color:white;--mat-checkbox-disabled-selected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-disabled-unselected-icon-color:color-mix(in srgb, white 38%, transparent);--mat-checkbox-selected-checkmark-color:white;--mat-checkbox-selected-focus-icon-color:#689f38;--mat-checkbox-selected-hover-icon-color:#689f38;--mat-checkbox-selected-icon-color:#689f38;--mat-checkbox-selected-pressed-icon-color:#689f38;--mat-checkbox-unselected-focus-icon-color:white;--mat-checkbox-unselected-hover-icon-color:white;--mat-checkbox-unselected-icon-color:rgba(255, 255, 255, .7);--mat-checkbox-selected-focus-state-layer-color:#689f38;--mat-checkbox-selected-hover-state-layer-color:#689f38;--mat-checkbox-selected-pressed-state-layer-color:#689f38;--mat-checkbox-unselected-focus-state-layer-color:white;--mat-checkbox-unselected-hover-state-layer-color:white;--mat-checkbox-unselected-pressed-state-layer-color:white;--mat-button-filled-container-color:#424242;--mat-button-filled-disabled-container-color:color-mix(in srgb, white 12%, transparent);--mat-button-filled-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-filled-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-filled-focus-state-layer-opacity:.12;--mat-button-filled-hover-state-layer-opacity:.04;--mat-button-filled-label-text-color:white;--mat-button-filled-pressed-state-layer-opacity:.12;--mat-button-filled-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-filled-state-layer-color:white;--mat-button-outlined-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-outlined-disabled-outline-color:rgba(255, 255, 255, .12);--mat-button-outlined-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-outlined-focus-state-layer-opacity:.12;--mat-button-outlined-hover-state-layer-opacity:.04;--mat-button-outlined-label-text-color:white;--mat-button-outlined-outline-color:rgba(255, 255, 255, .12);--mat-button-outlined-pressed-state-layer-opacity:.12;--mat-button-outlined-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-outlined-state-layer-color:white;--mat-button-protected-container-color:#424242;--mat-button-protected-disabled-container-color:color-mix(in srgb, white 12%, transparent);--mat-button-protected-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-protected-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-protected-focus-state-layer-opacity:.12;--mat-button-protected-hover-state-layer-opacity:.04;--mat-button-protected-label-text-color:white;--mat-button-protected-pressed-state-layer-opacity:.12;--mat-button-protected-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-protected-state-layer-color:white;--mat-button-text-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-text-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-text-focus-state-layer-opacity:.12;--mat-button-text-hover-state-layer-opacity:.04;--mat-button-text-label-text-color:white;--mat-button-text-pressed-state-layer-opacity:.12;--mat-button-text-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-text-state-layer-color:white;--mat-button-tonal-container-color:#424242;--mat-button-tonal-disabled-container-color:color-mix(in srgb, white 12%, transparent);--mat-button-tonal-disabled-label-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-tonal-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-button-tonal-focus-state-layer-opacity:.12;--mat-button-tonal-hover-state-layer-opacity:.04;--mat-button-tonal-label-text-color:white;--mat-button-tonal-pressed-state-layer-opacity:.12;--mat-button-tonal-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-button-tonal-state-layer-color:white;--mat-icon-button-disabled-icon-color:color-mix(in srgb, white 38%, transparent);--mat-icon-button-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-icon-button-focus-state-layer-opacity:.12;--mat-icon-button-hover-state-layer-opacity:.04;--mat-icon-button-icon-color:inherit;--mat-icon-button-pressed-state-layer-opacity:.12;--mat-icon-button-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-icon-button-state-layer-color:white;--mat-fab-container-color:#424242;--mat-fab-disabled-state-container-color:color-mix(in srgb, white 12%, transparent);--mat-fab-disabled-state-foreground-color:color-mix(in srgb, white 38%, transparent);--mat-fab-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-fab-focus-state-layer-opacity:.12;--mat-fab-foreground-color:white;--mat-fab-hover-state-layer-opacity:.04;--mat-fab-pressed-state-layer-opacity:.12;--mat-fab-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-fab-small-container-color:#424242;--mat-fab-small-disabled-state-container-color:color-mix(in srgb, white 12%, transparent);--mat-fab-small-disabled-state-foreground-color:color-mix(in srgb, white 38%, transparent);--mat-fab-small-disabled-state-layer-color:rgba(255, 255, 255, .7);--mat-fab-small-focus-state-layer-opacity:.12;--mat-fab-small-foreground-color:white;--mat-fab-small-hover-state-layer-opacity:.04;--mat-fab-small-pressed-state-layer-opacity:.12;--mat-fab-small-ripple-color:color-mix(in srgb, white 12%, transparent);--mat-fab-small-state-layer-color:white;--mat-fab-state-layer-color:white;--mat-snack-bar-container-color:white;--mat-snack-bar-supporting-text-color:rgba(0, 0, 0, .87);--mat-snack-bar-button-color:#546e7a;--mat-table-background-color:#424242;--mat-table-header-headline-color:white;--mat-table-row-item-label-text-color:white;--mat-table-row-item-outline-color:rgba(255, 255, 255, .12);--mat-progress-spinner-active-indicator-color:#546e7a;--mat-badge-background-color:#546e7a;--mat-badge-text-color:white;--mat-badge-disabled-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-badge-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-bottom-sheet-container-text-color:white;--mat-bottom-sheet-container-background-color:#424242;--mat-button-toggle-background-color:#424242;--mat-button-toggle-disabled-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-disabled-selected-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-toggle-disabled-state-background-color:#424242;--mat-button-toggle-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-toggle-divider-color:rgba(255, 255, 255, .12);--mat-button-toggle-legacy-disabled-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-legacy-disabled-state-background-color:#424242;--mat-button-toggle-legacy-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-button-toggle-legacy-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-legacy-selected-state-text-color:white;--mat-button-toggle-legacy-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-legacy-text-color:white;--mat-button-toggle-selected-state-background-color:color-mix(in srgb, white 12%, transparent);--mat-button-toggle-selected-state-text-color:white;--mat-button-toggle-state-layer-color:white;--mat-button-toggle-text-color:white;--mat-datepicker-calendar-date-in-range-state-background-color:color-mix(in srgb, #546e7a 20%, transparent);--mat-datepicker-calendar-date-in-comparison-range-state-background-color:color-mix(in srgb, #689f38 20%, transparent);--mat-datepicker-calendar-date-in-overlap-range-state-background-color:#a8dab5;--mat-datepicker-calendar-date-in-overlap-range-selected-state-background-color:rgb(69.5241935484, 163.4758064516, 93.9516129032);--mat-datepicker-calendar-date-selected-state-text-color:white;--mat-datepicker-calendar-date-selected-state-background-color:#546e7a;--mat-datepicker-calendar-date-selected-disabled-state-background-color:color-mix(in srgb, #546e7a 38%, transparent);--mat-datepicker-calendar-date-today-selected-state-outline-color:white;--mat-datepicker-calendar-date-focus-state-background-color:color-mix(in srgb, #546e7a 12%, transparent);--mat-datepicker-calendar-date-hover-state-background-color:color-mix(in srgb, #546e7a 4%, transparent);--mat-datepicker-toggle-active-state-icon-color:#546e7a;--mat-datepicker-toggle-icon-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-body-label-text-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-period-button-text-color:white;--mat-datepicker-calendar-period-button-icon-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-navigation-button-icon-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-header-divider-color:rgba(255, 255, 255, .12);--mat-datepicker-calendar-header-text-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-date-today-outline-color:rgba(255, 255, 255, .7);--mat-datepicker-calendar-date-today-disabled-state-outline-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-calendar-date-text-color:white;--mat-datepicker-calendar-date-outline-color:transparent;--mat-datepicker-calendar-date-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-calendar-date-preview-state-outline-color:rgba(255, 255, 255, .7);--mat-datepicker-range-input-separator-color:white;--mat-datepicker-range-input-disabled-state-separator-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-range-input-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-datepicker-calendar-container-background-color:#424242;--mat-datepicker-calendar-container-text-color:white;--mat-divider-color:rgba(255, 255, 255, .12);--mat-expansion-container-background-color:#424242;--mat-expansion-container-text-color:white;--mat-expansion-actions-divider-color:rgba(255, 255, 255, .12);--mat-expansion-header-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-expansion-header-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-expansion-header-disabled-state-text-color:color-mix(in srgb, white 38%, transparent);--mat-expansion-header-text-color:white;--mat-expansion-header-description-color:rgba(255, 255, 255, .7);--mat-expansion-header-indicator-color:rgba(255, 255, 255, .7);--mat-icon-color:inherit;--mat-sidenav-container-divider-color:rgba(255, 255, 255, .12);--mat-sidenav-container-background-color:#424242;--mat-sidenav-container-text-color:white;--mat-sidenav-content-background-color:#303030;--mat-sidenav-content-text-color:white;--mat-sidenav-scrim-color:rgba(255, 255, 255, .6);--mat-stepper-header-icon-foreground-color:white;--mat-stepper-header-selected-state-icon-background-color:#546e7a;--mat-stepper-header-selected-state-icon-foreground-color:white;--mat-stepper-header-done-state-icon-background-color:#546e7a;--mat-stepper-header-done-state-icon-foreground-color:white;--mat-stepper-header-edit-state-icon-background-color:#546e7a;--mat-stepper-header-edit-state-icon-foreground-color:white;--mat-stepper-container-color:#424242;--mat-stepper-line-color:rgba(255, 255, 255, .12);--mat-stepper-header-hover-state-layer-color:color-mix(in srgb, white 4%, transparent);--mat-stepper-header-focus-state-layer-color:color-mix(in srgb, white 12%, transparent);--mat-stepper-header-label-text-color:rgba(255, 255, 255, .7);--mat-stepper-header-optional-label-text-color:rgba(255, 255, 255, .7);--mat-stepper-header-selected-state-label-text-color:white;--mat-stepper-header-error-state-label-text-color:#ff5722;--mat-stepper-header-icon-background-color:rgba(255, 255, 255, .7);--mat-stepper-header-error-state-icon-foreground-color:#ff5722;--mat-stepper-header-error-state-icon-background-color:transparent;--mat-sort-arrow-color:white;--mat-toolbar-container-background-color:#424242;--mat-toolbar-container-text-color:white;--mat-tree-container-background-color:#424242;--mat-tree-node-text-color:white;--mat-timepicker-container-background-color:#424242}.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:rgb(96.4776699029, 126.3398058252, 140.1223300971);--theme-primary-light:rgb(105.1650485437, 137.0970873786, 151.8349514563);--theme-primary-darker:rgb(71.5223300971, 93.6601941748, 103.8776699029);--theme-primary-dark:rgb(63.2038834951, 82.7669902913, 91.7961165049);--theme-primary-fade-10:#546e7a;--theme-primary-fade-20:#546e7a;--theme-primary-fade-30:#546e7a;--theme-primary-fade-40:#546e7a;--theme-primary-fade-50:#546e7a;--theme-accent:#689f38;--theme-accent-lighter:rgb(118.8018604651, 181.6297674419, 63.9702325581);--theme-accent-light:rgb(129.0279069767, 191.4465116279, 74.5534883721);--theme-accent-darker:rgb(89.1981395349, 136.3702325581, 48.0297674419);--theme-accent-dark:rgb(79.3302325581, 121.2837209302, 42.7162790698);--theme-accent-fade-10:#689f38;--theme-accent-fade-20:#689f38;--theme-accent-fade-30:#689f38;--theme-accent-fade-40:#689f38;--theme-accent-fade-50:#689f38;--theme-warn:#ff5722;--theme-warn-lighter:rgb(255, 110.2615384615, 64.6);--theme-warn-light:rgb(255, 125.7692307692, 85);--theme-warn-darker:rgb(255, 63.7384615385, 3.4);--theme-warn-dark:rgb(238, 57.0769230769, 0);--theme-warn-fade-10:#ff5722;--theme-warn-fade-20:#ff5722;--theme-warn-fade-30:#ff5722;--theme-warn-fade-40:#ff5722;--theme-warn-fade-50:#ff5722;--theme-text:white;--theme-text-lighter:hsl(0, 0%, 106%);--theme-text-light:hsl(0, 0%, 110%);--theme-text-darker:rgb(229.5, 229.5, 229.5);--theme-text-dark:rgb(191.25, 191.25, 191.25);--theme-text-fade-10:white;--theme-text-fade-20:white;--theme-text-fade-30:white;--theme-text-fade-40:white;--theme-text-fade-50:white;--theme-text-invert-15:rgb(216.75, 216.75, 216.75);--theme-text-invert-30:rgb(178.5, 178.5, 178.5);--theme-background:#424242;--theme-background-lighter:rgb(81.3, 81.3, 81.3);--theme-background-light:rgb(91.5, 91.5, 91.5);--theme-background-darker:rgb(50.7, 50.7, 50.7);--theme-background-dark:rgb(40.5, 40.5, 40.5);--theme-background-darkest:rgb(30.3, 30.3, 30.3);--mdc-filled-text-field-container-color:#0000;--mdc-filled-text-field-disabled-container-color:#0000}@media screen and (-webkit-min-device-pixel-ratio:0){}\u003c/style\u003e\u003clink rel=\"stylesheet\" href=\"styles.css\" media=\"print\" onload=\"this.media='all'\"\u003e\u003cnoscript\u003e\u003clink rel=\"stylesheet\" href=\"styles.css\"\u003e\u003c/noscript\u003e\u003c/head\u003e\n\u003cbody class=\"mat-app-background mat-typography bluegrey-lightgreen-theme\"\u003e\n \u003capp-root\u003e\u003c/app-root\u003e\n\u003cscript src=\"runtime.js\" type=\"module\"\u003e\u003c/script\u003e\u003cscript src=\"polyfills.js\" type=\"module\"\u003e\u003c/script\u003e\u003cscript src=\"vendor.js\" type=\"module\"\u003e\u003c/script\u003e\u003cscript src=\"main.js\" type=\"module\"\u003e\u003c/script\u003e\u003c/body\u003e\n\u003c/html\u003e\n","timestamp":"2025-10-10T15:52:17.45093542Z","interaction":{"protocol":"dns","unique-id":"d3kin1q08hes73f859bgqcpfuf1qxf49u","full-id":"d3kIN1q08hes73f859bgqcpfUF1qXF49u","q-type":"A","raw-request":";; opcode: QUERY, status: NOERROR, id: 53057\n;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;d3kIN1q08hes73f859bgqcpfUF1qXF49u.oaSt.SitE.\tIN\t A\n","raw-response":";; opcode: QUERY, status: NOERROR, id: 53057\n;; flags: qr aa cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2\n\n;; QUESTION SECTION:\n;d3kIN1q08hes73f859bgqcpfUF1qXF49u.oaSt.SitE.\tIN\t A\n\n;; ANSWER SECTION:\nd3kIN1q08hes73f859bgqcpfUF1qXF49u.oaSt.SitE.\t3600\tIN\tA\t178.128.16.97\n\n;; AUTHORITY SECTION:\nd3kIN1q08hes73f859bgqcpfUF1qXF49u.oaSt.SitE.\t3600\tIN\tNS\tns1.oast.site.\nd3kIN1q08hes73f859bgqcpfUF1qXF49u.oaSt.SitE.\t3600\tIN\tNS\tns2.oast.site.\n\n;; ADDITIONAL SECTION:\nns1.oast.site.\t3600\tIN\tA\t178.128.16.97\nns2.oast.site.\t3600\tIN\tA\t178.128.16.97\n","remote-address":"172.217.33.220","timestamp":"2025-10-10T15:52:13.420001673Z"},"curl-command":"curl -X 'GET' -d '' -H 'Host: d3kin1q08hes73f859bgqcpfuf1qxf49u.oast.site' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.1' 'http://host.docker.internal:3000'","matcher-status":true} \ No newline at end of file diff --git a/labs/lab5/semgrep/juice-shop b/labs/lab5/semgrep/juice-shop new file mode 160000 index 00000000..36870cbb --- /dev/null +++ b/labs/lab5/semgrep/juice-shop @@ -0,0 +1 @@ +Subproject commit 36870cbbdfe7864698e1adf644c7bf772f67ebb7 diff --git a/labs/lab5/semgrep/semgrep-results.json b/labs/lab5/semgrep/semgrep-results.json new file mode 100644 index 00000000..20d35ce4 --- /dev/null +++ b/labs/lab5/semgrep/semgrep-results.json @@ -0,0 +1 @@ +{"version":"1.138.0","results":[{"check_id":"javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","path":"/src/data/static/codefixes/dbSchemaChallenge_1.ts","start":{"line":5,"col":28,"offset":284},"end":{"line":5,"col":162,"offset":418},"extra":{"message":"Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.","metadata":{"interfile":true,"references":["https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements"],"category":"security","technology":["express"],"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"HIGH","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","shortlink":"https://sg.run/gjoe"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","path":"/src/data/static/codefixes/dbSchemaChallenge_3.ts","start":{"line":11,"col":28,"offset":419},"end":{"line":11,"col":159,"offset":550},"extra":{"message":"Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.","metadata":{"interfile":true,"references":["https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements"],"category":"security","technology":["express"],"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"HIGH","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","shortlink":"https://sg.run/gjoe"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","path":"/src/data/static/codefixes/unionSqlInjectionChallenge_1.ts","start":{"line":6,"col":28,"offset":326},"end":{"line":6,"col":159,"offset":457},"extra":{"message":"Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.","metadata":{"interfile":true,"references":["https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements"],"category":"security","technology":["express"],"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"HIGH","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","shortlink":"https://sg.run/gjoe"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","path":"/src/data/static/codefixes/unionSqlInjectionChallenge_3.ts","start":{"line":10,"col":28,"offset":458},"end":{"line":10,"col":159,"offset":589},"extra":{"message":"Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.","metadata":{"interfile":true,"references":["https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements"],"category":"security","technology":["express"],"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"HIGH","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","shortlink":"https://sg.run/gjoe"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var","path":"/src/frontend/src/app/navbar/navbar.component.html","start":{"line":17,"col":47,"offset":665},"end":{"line":17,"col":66,"offset":684},"extra":{"message":"Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: \"{{ expr }}\".","metadata":{"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection"],"references":["https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss"],"category":"security","technology":["html-templates"],"confidence":"LOW","cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var","shortlink":"https://sg.run/weNX"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var","path":"/src/frontend/src/app/purchase-basket/purchase-basket.component.html","start":{"line":15,"col":71,"offset":491},"end":{"line":15,"col":87,"offset":507},"extra":{"message":"Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: \"{{ expr }}\".","metadata":{"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection"],"references":["https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss"],"category":"security","technology":["html-templates"],"confidence":"LOW","cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var","shortlink":"https://sg.run/weNX"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var","path":"/src/frontend/src/app/search-result/search-result.component.html","start":{"line":40,"col":97,"offset":1765},"end":{"line":40,"col":110,"offset":1778},"extra":{"message":"Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: \"{{ expr }}\".","metadata":{"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection"],"references":["https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss"],"category":"security","technology":["html-templates"],"confidence":"LOW","cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var","shortlink":"https://sg.run/weNX"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret","path":"/src/lib/insecurity.ts","start":{"line":56,"col":56,"offset":2827},"end":{"line":56,"col":66,"offset":2837},"extra":{"message":"A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).","metadata":{"cwe":["CWE-798: Use of Hard-coded Credentials"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html"],"owasp":["A07:2021 - Identification and Authentication Failures"],"asvs":{"control_id":"3.5.2 Static API keys or secret","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x12-V3-Session-management.md#v35-token-based-session-management","section":"V3: Session Management Verification Requirements","version":"4"},"category":"security","technology":["jwt","javascript","secrets"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Hard-coded Secrets"],"source":"https://semgrep.dev/r/javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret","shortlink":"https://sg.run/4xN9"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.injection.raw-html-format.raw-html-format","path":"/src/routes/chatbot.ts","start":{"line":197,"col":46,"offset":6083},"end":{"line":197,"col":56,"offset":6093},"extra":{"message":"User data flows into the host portion of this manually-constructed HTML. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Consider using a sanitization library such as DOMPurify to sanitize the HTML within.","metadata":{"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html"],"category":"security","technology":["express"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/javascript.express.security.injection.raw-html-format.raw-html-format","shortlink":"https://sg.run/5DO3"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-res-sendfile.express-res-sendfile","path":"/src/routes/fileServer.ts","start":{"line":33,"col":20,"offset":1142},"end":{"line":33,"col":46,"offset":1168},"extra":{"message":"The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.","metadata":{"references":["https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html"],"technology":["express"],"category":"security","cwe":["CWE-73: External Control of File Name or Path"],"owasp":["A04:2021 - Insecure Design"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-res-sendfile.express-res-sendfile","shortlink":"https://sg.run/7DJk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-res-sendfile.express-res-sendfile","path":"/src/routes/keyServer.ts","start":{"line":14,"col":20,"offset":410},"end":{"line":14,"col":57,"offset":447},"extra":{"message":"The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.","metadata":{"references":["https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html"],"technology":["express"],"category":"security","cwe":["CWE-73: External Control of File Name or Path"],"owasp":["A04:2021 - Insecure Design"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-res-sendfile.express-res-sendfile","shortlink":"https://sg.run/7DJk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-res-sendfile.express-res-sendfile","path":"/src/routes/logfileServer.ts","start":{"line":14,"col":20,"offset":410},"end":{"line":14,"col":47,"offset":437},"extra":{"message":"The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.","metadata":{"references":["https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html"],"technology":["express"],"category":"security","cwe":["CWE-73: External Control of File Name or Path"],"owasp":["A04:2021 - Insecure Design"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-res-sendfile.express-res-sendfile","shortlink":"https://sg.run/7DJk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","path":"/src/routes/login.ts","start":{"line":34,"col":28,"offset":1459},"end":{"line":34,"col":169,"offset":1600},"extra":{"message":"Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.","metadata":{"interfile":true,"references":["https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements"],"category":"security","technology":["express"],"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"HIGH","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","shortlink":"https://sg.run/gjoe"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-res-sendfile.express-res-sendfile","path":"/src/routes/quarantineServer.ts","start":{"line":14,"col":20,"offset":424},"end":{"line":14,"col":57,"offset":461},"extra":{"message":"The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.","metadata":{"references":["https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html"],"technology":["express"],"category":"security","cwe":["CWE-73: External Control of File Name or Path"],"owasp":["A04:2021 - Insecure Design"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-res-sendfile.express-res-sendfile","shortlink":"https://sg.run/7DJk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect","path":"/src/routes/redirect.ts","start":{"line":19,"col":7,"offset":1032},"end":{"line":19,"col":26,"offset":1051},"extra":{"message":"It looks like 'toUrl' is read from user input and it is used to as a redirect. Ensure 'toUrl' is not externally controlled, otherwise this is an open redirect.","metadata":{"owasp":["A01:2021 - Broken Access Control"],"cwe":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"],"asvs":{"control_id":"5.5.1 Insecue Redirect","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v51-input-validation","section":"V5 Validation, Sanitization and Encoding","version":"4"},"category":"security","technology":["express"],"subcategory":["audit"],"likelihood":"LOW","impact":"LOW","confidence":"LOW","references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Open Redirect"],"source":"https://semgrep.dev/r/javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect","shortlink":"https://sg.run/OPv2"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-open-redirect.express-open-redirect","path":"/src/routes/redirect.ts","start":{"line":19,"col":20,"offset":1045},"end":{"line":19,"col":25,"offset":1050},"extra":{"message":"The application redirects to a URL specified by user-supplied input `query` that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website.","metadata":{"technology":["express"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html"],"cwe":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"],"category":"security","owasp":["A01:2021 - Broken Access Control"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Open Redirect"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-open-redirect.express-open-redirect","shortlink":"https://sg.run/EpoP"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","path":"/src/routes/search.ts","start":{"line":23,"col":28,"offset":847},"end":{"line":23,"col":159,"offset":978},"extra":{"message":"Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.","metadata":{"interfile":true,"references":["https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements"],"category":"security","technology":["express"],"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"HIGH","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection","shortlink":"https://sg.run/gjoe"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.code-string-concat.code-string-concat","path":"/src/routes/userProfile.ts","start":{"line":62,"col":20,"offset":1855},"end":{"line":62,"col":30,"offset":1865},"extra":{"message":"Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible.","metadata":{"interfile":true,"confidence":"HIGH","owasp":["A03:2021 - Injection"],"cwe":["CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"],"references":["https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval","https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback","https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/","https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html"],"category":"security","technology":["node.js","Express","Next.js"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Code Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.code-string-concat.code-string-concat","shortlink":"https://sg.run/96Yk"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag","path":"/src/routes/videoHandler.ts","start":{"line":58,"col":90,"offset":1893},"end":{"line":58,"col":94,"offset":1897},"extra":{"message":"Cannot determine what 'subs' is and it is used with a '", + "otherinfo": "" + }, + { + "id": "19", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "2", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "3", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "93", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "94", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "88", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "89", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "46", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "47", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "10", + "systemic": false, + "solution": "

Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

", + "otherinfo": "", + "reference": "", + "cweid": "829", + "wascid": "15", + "sourceid": "9" + }, + { + "pluginid": "10110", + "alertRef": "10110", + "alert": "Dangerous JS Functions", + "name": "Dangerous JS Functions", + "riskcode": "1", + "confidence": "1", + "riskdesc": "Low (Low)", + "desc": "

A dangerous JS function seems to be in use that would leave the site vulnerable.

", + "instances":[ + { + "id": "63", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "bypassSecurityTrustHtml(", + "otherinfo": "" + }, + { + "id": "68", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "bypassSecurityTrustHtml(", + "otherinfo": "" + } + ], + "count": "2", + "systemic": false, + "solution": "

See the references for security advice on the use of these functions.

", + "otherinfo": "", + "reference": "

https://v17.angular.io/guide/security

", + "cweid": "749", + "wascid": "-1", + "sourceid": "24" + }, + { + "pluginid": "10063", + "alertRef": "10063-2", + "alert": "Deprecated Feature Policy Header Set", + "name": "Deprecated Feature Policy Header Set", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "

The header has now been renamed to Permissions-Policy.

", + "instances":[ + { + "id": "27", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "9", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "75", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "80", + "uri": "http://localhost:3000/ftp/coupons_2013.md.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "83", + "uri": "http://localhost:3000/ftp/eastere.gg", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "82", + "uri": "http://localhost:3000/ftp/encrypt.pyc", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "64", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "53", + "uri": "http://localhost:3000/polyfills.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "40", + "uri": "http://localhost:3000/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "55", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "69", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + } + ], + "count": "11", + "systemic": false, + "solution": "

Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header instead of the Feature-Policy header.

", + "otherinfo": "", + "reference": "

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy

https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/

", + "cweid": "16", + "wascid": "15", + "sourceid": "9" + }, + { + "pluginid": "90004", + "alertRef": "90004-2", + "alert": "Insufficient Site Isolation Against Spectre Vulnerability", + "name": "Insufficient Site Isolation Against Spectre Vulnerability", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "

Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).

", + "instances":[ + { + "id": "28", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "10", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "76", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "91", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "56", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "29", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "11", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "77", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "92", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "58", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "10", + "systemic": false, + "solution": "

Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents.

If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy).

", + "otherinfo": "", + "reference": "

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy

", + "cweid": "693", + "wascid": "14", + "sourceid": "9" + }, + { + "pluginid": "10096", + "alertRef": "10096", + "alert": "Timestamp Disclosure - Unix", + "name": "Timestamp Disclosure - Unix", + "riskcode": "1", + "confidence": "1", + "riskdesc": "Low (Low)", + "desc": "

A timestamp was disclosed by the application/web server. - Unix

", + "instances":[ + { + "id": "23", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "25", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "24", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + }, + { + "id": "5", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "7", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "6", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + }, + { + "id": "49", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "52", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "50", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + } + ], + "count": "9", + "systemic": false, + "solution": "

Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.

", + "otherinfo": "

1650485437, which evaluates to: 2022-04-20 20:10:37.

", + "reference": "

https://cwe.mitre.org/data/definitions/200.html

", + "cweid": "497", + "wascid": "13", + "sourceid": "9" + }, + { + "pluginid": "10027", + "alertRef": "10027", + "alert": "Information Disclosure - Suspicious Comments", + "name": "Information Disclosure - Suspicious Comments", + "riskcode": "0", + "confidence": "1", + "riskdesc": "Informational (Low)", + "desc": "

The response appears to contain suspicious comments which may help an attacker.

", + "instances":[ + { + "id": "60", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "query", + "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet." + }, + { + "id": "66", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Query", + "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//www.w3.org/2000/svg\" viewBox=\"0 0 512 512\">Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.

", + "otherinfo": "

The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet.

", + "reference": "", + "cweid": "615", + "wascid": "13", + "sourceid": "24" + }, + { + "pluginid": "10109", + "alertRef": "10109", + "alert": "Modern Web Application", + "name": "Modern Web Application", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.

", + "instances":[ + { + "id": "22", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "4", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "95", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "90", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "99", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:286:9", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "97", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "98", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "100", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "101", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:421:3", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "96", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/layer.js:95:5", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "48", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + } + ], + "count": "11", + "systemic": false, + "solution": "

This is an informational alert and so no changes are required.

", + "otherinfo": "

No links have been found while there are scripts, which is an indication that this is a modern web application.

", + "reference": "", + "cweid": "-1", + "wascid": "-1", + "sourceid": "9" + }, + { + "pluginid": "10049", + "alertRef": "10049-3", + "alert": "Storable and Cacheable Content", + "name": "Storable and Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where \"shared\" caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.

", + "instances":[ + { + "id": "74", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234." + }, + { + "id": "13", + "uri": "http://localhost:3000/robots.txt", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234." + } + ], + "count": "2", + "systemic": false, + "solution": "

Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:

Cache-Control: no-cache, no-store, must-revalidate, private

Pragma: no-cache

Expires: 0

This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.

", + "otherinfo": "

In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.

", + "reference": "

https://datatracker.ietf.org/doc/html/rfc7234

https://datatracker.ietf.org/doc/html/rfc7231

https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

", + "cweid": "524", + "wascid": "13", + "sourceid": "26" + }, + { + "pluginid": "10049", + "alertRef": "10049-2", + "alert": "Storable but Non-Cacheable Content", + "name": "Storable but Non-Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.

", + "instances":[ + { + "id": "26", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "8", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "42", + "uri": "http://localhost:3000/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "73", + "uri": "http://localhost:3000/ftp/acquisitions.md", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "62", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "51", + "uri": "http://localhost:3000/polyfills.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "39", + "uri": "http://localhost:3000/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "54", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "61", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "67", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + } + ], + "count": "10", + "systemic": false, + "solution": "", + "otherinfo": "", + "reference": "

https://datatracker.ietf.org/doc/html/rfc7234

https://datatracker.ietf.org/doc/html/rfc7231

https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

", + "cweid": "524", + "wascid": "13", + "sourceid": "9" + }, + { + "pluginid": "10104", + "alertRef": "10104", + "alert": "User Agent Fuzzer", + "name": "User Agent Fuzzer", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.

", + "instances":[ + { + "id": "106", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "104", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "103", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "108", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", + "evidence": "", + "otherinfo": "" + }, + { + "id": "110", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "125", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", + "evidence": "", + "otherinfo": "" + }, + { + "id": "122", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "112", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "116", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "121", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4", + "evidence": "", + "otherinfo": "" + }, + { + "id": "119", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16", + "evidence": "", + "otherinfo": "" + }, + { + "id": "114", + "uri": "http://localhost:3000/assets", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "msnbot/1.1 (+http://search.msn.com/msnbot.htm)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "107", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "105", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "102", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "109", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", + "evidence": "", + "otherinfo": "" + }, + { + "id": "111", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "124", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", + "evidence": "", + "otherinfo": "" + }, + { + "id": "123", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "113", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "117", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "120", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4", + "evidence": "", + "otherinfo": "" + }, + { + "id": "118", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16", + "evidence": "", + "otherinfo": "" + }, + { + "id": "115", + "uri": "http://localhost:3000/assets/public", + "nodeName": null, + "method": "GET", + "param": "Header User-Agent", + "attack": "msnbot/1.1 (+http://search.msn.com/msnbot.htm)", + "evidence": "", + "otherinfo": "" + } + ], + "count": "24", + "systemic": false, + "solution": "", + "otherinfo": "", + "reference": "

https://owasp.org/wstg

", + "cweid": "0", + "wascid": "0", + "sourceid": "2936" + } + ] + } + ], + "sequences":[ + ] + +} diff --git a/labs/lab8/signing/cosign.key b/labs/lab8/signing/cosign.key new file mode 100644 index 00000000..083fd477 --- /dev/null +++ b/labs/lab8/signing/cosign.key @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY----- +eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjo2NTUzNiwiciI6 +OCwicCI6MX0sInNhbHQiOiI2ZXRUbkU2WWZ4OUNvOTZ4ZGtTNEpuQzc4eGw1SUti +clhXc2pmQWlETERjPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94 +Iiwibm9uY2UiOiJTcHFraUhZemJ4MElWYVRRRUp3MS92eUVOZGExWnY2VSJ9LCJj +aXBoZXJ0ZXh0IjoiWm9mVjJFbUJOTitSakMzcTNETFZDQXVrUm4zYnRrcDByYk5M +dDVpcVEzSEU2ZmJRd2RFR3lEWGZLcGJoOUlXOHM3U3dCSEdBQVllMWJQMkhib3dS +ZHlWYVNpdndEN1paV2hhWjZNY2V6TGRGekR2VFlFT2NHajRtYlBlTG4xU1IvY1Ni +czhJK3BoRkNsSVVodjNkSjg4SUg0YzNBMTlJZnE2VjhvZEJ1RThnTy8xNW5mK21Y +TndLYkxlTFZPQklKYm5ZQ214c1owNHZQTUE9PSJ9 +-----END ENCRYPTED SIGSTORE PRIVATE KEY----- diff --git a/labs/lab8/signing/cosign.pub b/labs/lab8/signing/cosign.pub new file mode 100644 index 00000000..9699e879 --- /dev/null +++ b/labs/lab8/signing/cosign.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOaPVYFmD2fY8SQtJC0lGxm71xEWV +dzgb0CbcacQY7TO1sGU1BI8HbVYn7bx3yckbFHve+M5GkBHbZamifx79eQ== +-----END PUBLIC KEY----- diff --git a/labs/submission10.md b/labs/submission10.md new file mode 100644 index 00000000..60732f88 --- /dev/null +++ b/labs/submission10.md @@ -0,0 +1,78 @@ +# Lab 10 - Vulnerability Management & Response with DefectDojo + +## 1. DefectDojo Local Setup + +### 1.1 Environment Setup Summary + +* DefectDojo cloned from upstream repo. +* Docker Compose build completed successfully. +* All containers running and healthy (`docker compose ps`). +* Admin credentials retrieved from initializer logs. + +### 1.2 Evidence + +![alt text](image.png) +![alt text](image-1.png) + +--- + +## 2. Importing Findings (ZAP, Semgrep, Trivy, Nuclei, Grype) + +### 2.1 API Setup + +* API token obtained +* Environment variables set: + + ```bash + export DD_API="http://localhost:8080/api/v2" + export DD_TOKEN="" + export DD_PRODUCT_TYPE="Engineering" + export DD_PRODUCT="Juice Shop" + export DD_ENGAGEMENT="Labs Security Testing" + ``` + +### 2.2 Imported Reports + +* ZAP — +* Semgrep +* Trivy +* Nuclei +* Grype + +### 2.3 Import Evidence + +* JSON responses stored under `labs/lab10/imports/` +* Notes on number of findings produced per tool + +--- + +## 3. Reporting & Metrics + +### 3.1 Metrics Snapshot + +* **Date captured:** Dec 1, 2025 +* **Active findings:** + + * Critical: 8 + * High: 21 + * Medium: 23 + * Low: 1 + * Informational: 15 +* **Verified vs. Mitigated Notes:** All findings currently active; no verified or mitigated items yet. + +### 3.2 Governance‑Ready Artifacts + +All exported files saved under `labs/lab10/report/`: + +* `metrics-snapshot.md` +* `dojo-report.pdf` +* `findings.csv` + +### 3.3 Summary of Key Metrics + +* **Open vs. Closed Findings:** All 68 findings remain open and active; no findings have been verified or mitigated yet. +* **Findings by Tool:** Anchore Grype contributed the overwhelming majority of findings (65), Nuclei added 3 informational findings, while Semgrep and Trivy produced no actionable results in this engagement. +* **SLA Status:** No SLA breaches were detected. Critical findings carry a 7‑day SLA, High a 30‑day SLA, Medium a 90‑day SLA, and Low an extended 120‑day SLA. All items are newly created (Age = 0 days) and within their respective windows. +* **Top Issue Categories (CWE / OWASP Themes):** Most issues map to dependency‑related vulnerabilities (CWE‑937 “Using Components with Known Vulnerabilities”), improper input or output handling, header/security misconfigurations (missing SRI, exposure tags), and public API/Swagger exposure patterns. +* **Severity Distribution:** The engagement is dominated by High (21) and Medium (23) severity dependency vulnerabilities, indicating significant third‑party library risk concentration. +